Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea.
"Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems," the AhnLab Security Emergency Response Center said in a report published this week.
ExaTrack, that same month, revealed a Chinese hacking group's use of a Linux malware called Mélofée that's based on Reptile.
The South Korean cybersecurity firm said it also detected an attack case in the country that involved the use of Reptile, while bearing some tactical similarities to Mélofée.
"Reptile is a Linux kernel mode rootkit malware that provides a concealment feature for files, directories, processes, and network communications," ASEC said.
"However, Reptile itself also provides a reverse shell, making systems with Reptile installed susceptible to being hijacked by threat actors."
News URL
https://thehackernews.com/2023/08/reptile-rootkit-advanced-linux-malware.html