SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
2023-03-02 08:03

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system.

The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering.

Lucky Mouse is also tracked under the monikers APT27, Bronze Union, Emissary Panda, and Iron Tiger, and is known to utilize a variety of malware such as SysUpdate, HyperBro, PlugX, and a Linux backdoor dubbed rshell.

As for the Windows version of SysUpdate, it comes with features to manage processes, take screenshots, carry out file operations, and execute arbitrary commands.

The Linux ELF samples, written in C++, are notable for using the Asio library to port the file handling functions, indicating that the adversary is looking to add cross-platform support for the malware.

Given that rshell is already capable of running on Linux and macOS, the possibility that SysUpdate could have a macOS flavor in the future cannot be discounted, Trend Micro said.

News URL

https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html

Related vendor

Vendor   Vulns last 12 months   # Products   Low   Medium   High   Critical   Total vulns
Linux    11                     64           2337  1502     67     3970