New Bifrost malware for Linux mimics VMware domain for evasion
A new Linux variant of the Bifrost remote access trojan employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
Unit 42 researchers' analysis of the latest Bifrost samples has uncovered several interesting updates that enhance the malware's operational and evasion capabilities.
First, the command and control server the malware connects to uses the "Download.vmfare[.]com" domain, which appears similar to a legitimate VMware domain, allowing it to be easily missed during inspection.
Another new finding highlighted in Unit 42's report is an ARM version of Bifrost, which has the same functionality as the x86 samples analyzed in the write-up.
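A one-character lookalike such as the "vmfare" domain described above is easy to miss by eye but simple to flag mechanically. The following is an added example, not code from Unit 42 or the original article: it scans DNS query log lines for names whose registrable label is within one edit of a protected brand. The brand list, the log layout and the sample lines are constructed assumptions.

```python
# Flag DNS queries whose registrable label is a near-miss of a protected brand.
# Assumptions (not from the article): brand list, log layout, sample lines.
PROTECTED = {"vmware", "microsoft", "github"}

def normalize(qname):
    """Lower-case the name and undo '[.]' defanging for comparison only."""
    return qname.replace("[.]", ".").lower().rstrip(".")

def brand_label(qname):
    """Naive registrable label (second-to-last); use a Public Suffix List in production."""
    parts = normalize(qname).split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a, b):
    """Levenshtein distance with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(qname, max_distance=1):
    """Return the brand that qname imitates, or None. Exact matches are legitimate."""
    label = brand_label(qname)
    for brand in sorted(PROTECTED):
        if 0 < edit_distance(label, brand) <= max_distance:
            return brand
    return None

# Constructed log lines: timestamp, client, "query", record type, name.
# The suspicious name is kept defanged exactly as the article prints it.
SAMPLE_LOG = """\
2024-02-29T10:00:01Z 10.0.0.5 query A download.vmware.com
2024-02-29T10:00:07Z 10.0.0.9 query A Download.vmfare[.]com
2024-02-29T10:00:09Z 10.0.0.5 query A api.github.com
"""

def scan(log_text):
    """Return (timestamp, client, name as logged, imitated brand) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        brand = lookalike_of(fields[4])
        if brand:
            hits.append((fields[0], fields[1], fields[4], brand))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Edit distance 1 catches single-character swaps, insertions and deletions; raising `max_distance` widens coverage at the cost of more false positives on short brand names.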