Security News > 2024 > March > Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems.
Magnet Goblin - as the threat actor has been dubbed by Check Point researchers - has been targeting unpatched edge devices and public-facing servers for years.
The threat actor commonly deploys custom malware, specifically NerbianRAT, MiniNerbian, and the WARPWIRE JavaScript stealer.
Researchers first detected the NerbianRAT for Windows in 2022, while the "Sloppily compiled" Linux variant was first seen in May 2022 and "Barely has any protective measures".
NerbianRAT is a remote access trojan that, after a successful exploitation, is deployed together with its simplified version, MiniNerbian, a Linux backdoor used for command execution.
The group has been quick to adopt 1-day vulnerabilities to deliver their custom Linux malware, and those tools have operated under the radar as they mostly reside on edge devices, the researchers noted.
News URL
https://www.helpnetsecurity.com/2024/03/12/custom-linux-malware/
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)