Security News > 2022 > July > New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits.
This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems.
"The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration," Intezer researcher Ryan Robinson said in a new report published today.
Central to the malware is a downloader and a core module, the former of which is engineered to retrieve at least seven different plugins from a remote server that are subsequently invoked by the core component.
"The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson pointed out.
The discovery of Lightning Framework makes it the fifth Linux malware strain to be unearthed in a short period of three months after BPFDoor, Symbiote, Syslogk, and OrBit.
News URL
https://thehackernews.com/2022/07/new-linux-malware-framework-let.html
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)