Security News > 2024 > March > Magnet Goblin hackers use 1-day flaws to drop custom Linux malware
A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems.
Check Point analysts who identified Magnet Goblin report that these threat actors are quick to exploit newly disclosed vulnerabilities, in some cases exploiting flaws a day after a PoC exploit is released.
Magnet Goblin exploits the flaws to infect servers with custom malware, particularly NerbianRAT and MiniNerbian, as well as a custom variant of the WARPWIRE JavaScript stealer.
NerbianRAT for Windows has been known since 2022, but Check Point now reports that a sloppily compiled yet effective Linux variant used by Magnet Goblin has been in circulation since May 2022.
ScreenConnect flaws exploited to drop new ToddlerShark malware.
New WogRAT malware abuses online notepad service to store malware.
News URL
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)