New Bifrost malware for Linux mimics VMware domain for evasion
A new Linux variant of the Bifrost remote access trojan employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
The analysis of the latest Bifrost samples by Unit 42 researchers has uncovered several interesting updates that enhance the malware's operational and evasion capabilities.
First, the command and control server the malware connects to uses the "Download.vmfare[.]com" domain, which appears similar to a legitimate VMware domain, allowing it to be easily missed during inspection.
Another new finding highlighted in Unit 42's report is an ARM version of Bifrost, which has the same functionality as the x86 samples analyzed in the write-up.
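A one-character lookalike such as the domain above can be caught by comparing queried hostnames against a brand watchlist using edit distance. The following is an added example, not code from Unit 42 or the original article; the watchlist, function names and sample query names (other than the domain quoted above) are assumptions constructed for illustration.

```python
# Assumed watchlist of brand labels to protect (not from the article).
WATCHLIST = {"vmware", "microsoft", "github"}

def refang(domain):
    """Undo defanging such as 'vmfare[.]com' and normalise case."""
    return domain.replace("[.]", ".").strip().strip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=1):
    """Return the watchlisted brand a domain imitates, or None.

    Only the label left of the TLD is compared. The split is naive (no
    public-suffix list), so 'example.co.uk' would be checked as 'co'.
    """
    labels = refang(domain).split(".")
    if len(labels) < 2:
        return None
    label = labels[-2]
    if label in WATCHLIST:
        return None  # exact match is the brand itself, not a lookalike
    for brand in sorted(WATCHLIST):
        if edit_distance(label, brand) <= max_distance:
            return brand
    return None

def scan(queries):
    """Return (query, imitated_brand) pairs for every flagged name."""
    hits = ((q, lookalike_of(q)) for q in queries)
    return [(q, brand) for q, brand in hits if brand]

# Constructed sample of DNS query names; only the first is from the article.
SAMPLE_QUERIES = [
    "Download.vmfare[.]com",
    "www.vmware.com",
    "login.micros0ft.example",
    "updates.example.org",
]

if __name__ == "__main__":
    for name, brand in scan(SAMPLE_QUERIES):
        print(f"{name}: possible lookalike of '{brand}'")
```

Raising `max_distance` catches more variants at the cost of more false positives on short labels.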