Security News > 2023 > March > SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
2023-03-02 08:03

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system.

The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering.

Lucky Mouse is also tracked under the monikers APT27, Bronze Union, Emissary Panda, and Iron Tiger, and is known to utilize a variety of malware such as SysUpdate, HyperBro, PlugX, and a Linux backdoor dubbed rshell.

As for the Windows version of SysUpdate, it comes with features to manage processes, take screenshots, carry out file operations, and execute arbitrary commands.

The Linux ELF samples, written in C++, are notable for using the Asio library to port the file handling functions, indicating that the adversary is looking to add cross-platform support for the malware.

Given that rshell is already capable of running on Linux and macOS, the possibility that SysUpdate could have a macOS flavor in the future cannot be discounted, Trend Micro said.


News URL

https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2572 1587 67 4290