New ‘Lightning Framework’ Linux malware installs rootkits, backdoors (Security News, July 2022)
A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits.
Described as a "Swiss Army Knife" in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins.
Lightning Framework is built using a simple structure: a downloader component that will download and install the malware's other modules and plugins, including its core module, on compromised Linux devices.
"The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson concluded.
Lightning Framework is just the latest of several recently surfaced Linux malware strains capable of fully compromising and backdooring devices.
A fourth Linux malware strain, a rootkit dubbed Syslogk unveiled by Avast researchers last month, has the capability to force-load its modules into the Linux kernel, backdoor infected machines, and hide network traffic and artifacts to evade detection.