Security News > 2022 > July > New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits.
This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems.
"The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration," Intezer researcher Ryan Robinson said in a new report published today.
Central to the malware is a downloader and a core module, the former of which is engineered to retrieve at least seven different plugins from a remote server that are subsequently invoked by the core component.
"The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson pointed out.
The discovery of Lightning Framework makes it the fifth Linux malware strain to be unearthed in a short period of three months after BPFDoor, Symbiote, Syslogk, and OrBit.
News URL
https://thehackernews.com/2022/07/new-linux-malware-framework-let.html
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)