New ‘Lightning Framework’ Linux malware installs rootkits, backdoors (Security News, July 2022)
A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits.
Described as a "Swiss Army Knife" in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins.
Lightning Framework is built using a simple structure: a downloader component that will download and install the malware's other modules and plugins, including its core module, on compromised Linux devices.
"The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson concluded.
Lightning Framework is just the latest recently surfaced Linux malware strain capable of fully compromising and backdooring devices.
A fourth Linux malware strain, a rootkit dubbed Syslogk unveiled by Avast researchers last month, has the capability to force-load its modules into the Linux kernel, backdoor infected machines, and hide network traffic and artifacts to evade detection.