Security News > 2024 > March > Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems.
Magnet Goblin - as the threat actor has been dubbed by Check Point researchers - has been targeting unpatched edge devices and public-facing servers for years.
The threat actor commonly deploys custom malware, specifically NerbianRAT, MiniNerbian, and the WARPWIRE JavaScript stealer.
Researchers first detected the NerbianRAT for Windows in 2022, while the "Sloppily compiled" Linux variant was first seen in May 2022 and "Barely has any protective measures".
NerbianRAT is a remote access trojan that, after a successful exploitation, is deployed together with its simplified version, MiniNerbian, a Linux backdoor used for command execution.
The group has been quick to adopt 1-day vulnerabilities to deliver their custom Linux malware, and those tools have operated under the radar as they mostly reside on edge devices, the researchers noted.
News URL
https://www.helpnetsecurity.com/2024/03/12/custom-linux-malware/
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)