Sneaky Orbit Malware Backdoors Linux Devices (Security News, July 2022)
A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found.
Orbit can either achieve persistence on a machine or be installed as a volatile implant, Intezer's Nicole Fishbein explained in a blog post on Orbit published this week.
Typically, existing Linux threats such as Symbiote and HiddenWasp hijack shared Linux libraries by modifying the environment variable LD_PRELOAD. Orbit works differently, using two different ways to load the malicious library, Fishbein wrote.
Orbit also uses XOR-encrypted strings and steals passwords, tactics similar to those of other Linux backdoors already reported by researchers at ESET, Fishbein wrote.
Orbit loads onto a Linux machine or device via a dropper that not only installs the payload but also prepares the environment for the malware execution.
"The malware uses a hardcoded GID value to identify the files and processes that are related to the malware and based on that it will manipulate the behavior of the hooked functions," Fishbein wrote.
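The two mechanisms the article names, shared-library hijacking through the loader's preload path and a hardcoded GID shared by the malware's files and processes, both leave host-side traces a defender can check for. The script below is an added example (not code from Intezer's or Threatpost's reporting): it parses `LD_PRELOAD` out of `/proc/<pid>/environ`, reads the standard loader file `/etc/ld.so.preload`, and flags running processes whose real GID has no entry in `/etc/group`; the last check assumes a malware-chosen GID would not be registered there, which is a heuristic, not a claim from the article.

```python
import os
import re
from pathlib import Path

def preload_from_environ(environ: bytes) -> list:
    """LD_PRELOAD libraries from a /proc/<pid>/environ blob (NUL-separated entries)."""
    for entry in environ.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            return [p for p in re.split(r"[:\s]+", value) if p]  # ld.so allows ':' or ' '
    return []

def libs_from_ld_so_preload(text: str) -> list:
    """Libraries listed in /etc/ld.so.preload; '#' starts a comment."""
    return [lib for line in text.splitlines() for lib in line.split("#", 1)[0].split()]

def gid_from_status(status: str):
    """Real GID from /proc/<pid>/status (line 'Gid:\treal\teffective\tsaved\tfs')."""
    m = re.search(r"^Gid:\s+(\d+)", status, re.MULTILINE)
    return int(m.group(1)) if m else None

def known_gids(group_text: str) -> set:
    """GIDs defined in /etc/group (name:password:gid:members)."""
    return {int(f[2]) for f in (l.split(":") for l in group_text.splitlines())
            if len(f) >= 3 and f[2].isdigit()}

def scan_host(proc="/proc", etc="/etc") -> dict:
    """Run all three checks on the live host (run as root to read other users' environ)."""
    hits = {"ld_so_preload": [], "env_preload": [], "unknown_gid": []}
    preload = Path(etc, "ld.so.preload")
    if preload.exists():
        hits["ld_so_preload"] = libs_from_ld_so_preload(preload.read_text(errors="replace"))
    groups = known_gids(Path(etc, "group").read_text(errors="replace"))
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            env = Path(proc, pid, "environ").read_bytes()
            gid = gid_from_status(Path(proc, pid, "status").read_text())
        except OSError:
            continue  # process exited or environ not readable
        if libs := preload_from_environ(env):
            hits["env_preload"].append((int(pid), libs))
        if gid is not None and gid not in groups:  # GID with no /etc/group entry
            hits["unknown_gid"].append((int(pid), gid))
    return hits

if __name__ == "__main__":
    for check, found in scan_host().items():
        print(f"{check}: {found or 'none'}")
```

Any library in `/etc/ld.so.preload` or in a long-running daemon's `LD_PRELOAD` deserves a look, since legitimate uses of either are rare on production hosts; an unknown GID is weaker evidence and is best confirmed by checking which files on disk carry the same group.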
News URL: https://threatpost.com/sneaky-malware-backdoors-linux/180158/
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
- Researchers unearth two previously unknown Linux backdoors
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
- Chinese hackers target Linux with new WolfsBane malware
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware
- Researchers discover first UEFI bootkit malware for Linux
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
- Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
- New stealthy Pumakit Linux rootkit malware spotted in the wild