Security News > 2024 > February > New Bifrost malware for Linux mimics VMware domain for evasion
A new Linux variant of the Bifrost remote access trojan employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
The analysis of the latest Bitfrost samples by Unit 42 researchers has uncovered several interesting updates that enhance the malware's operational and evasion capabilities.
First, the command and control server the malware connects to uses the "Download.vmfare[.]com" domain, which appears similar to a legitimate VMware domain, allowing it to be easily missed during inspection.
Another new finding highlighted in Unit 42's report is an ARM version of Bitfrost, which has the same functionality as the x86 samples analyzed in the write-up.
FBI seizes Warzone RAT infrastructure, arrests malware vendor.
Hackers used new Windows Defender zero-day to drop DarkMe malware.
News URL
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)