Chinese hackers create Linux version of the SideWalk Windows malware (Security News, September 2022)

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector.
The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.
After analyzing Specter and StageClient, ESET researchers determined that both malware pieces have the same root and are Linux variants of SideWalk.
ESET notes in a report today that while SideWalk Linux has been used against multiple targets in the past, their telemetry data shows that the variant they discovered was deployed against only one victim in February 2021, a university in Hong Kong.
ESET researchers also found that both Linux and Windows variants for SideWalk had the same payload delivered through the dead-drop resolver string hosted in a Google Docs file.
SparklingGoblin, the threat group behind SideWalk, has the capability to develop malware adapted to its needs, as evidenced by the SideWalk Linux variant.