Security News > 2022 > July > Sneaky Orbit Malware Backdoors Linux Devices
A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found.
Orbit can either achieve persistence on a machine or be installed as volatile implant, Intezer's Nicole Fishbein explained in a blog post on Orbit published this week.
Typically, existing Linux threats such as Symbiote and HiddenWasp hijack shared Linux libraries by modifying the environment variable LD PRELOAD. Orbit works differently using two different ways to load the malicious library, Fishbein wrote.
Specifically, Orbit uses XOR encrypted strings and steals passwords, tactics that are similar to other Linux backdoors already reported by researchers at ESET, Fishbein wrote.
Orbit loads onto a Linux machine or device via a dropper that not only installs the payload but also prepares the environment for the malware execution.
"The malware uses a hardcoded GID value to identify the files and processes that are related to the malware and based on that it will manipulate the behavior of the hooked functions," Fishbein wrote.
News URL
https://threatpost.com/sneaky-malware-backdoors-linux/180158/
Related news
- Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)
- New 'OtterCookie' malware used to backdoor devs in fake job offers (source)