Security News > 2024 > March > Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems.
Magnet Goblin - as the threat actor has been dubbed by Check Point researchers - has been targeting unpatched edge devices and public-facing servers for years.
The threat actor commonly deploys custom malware, specifically NerbianRAT, MiniNerbian, and the WARPWIRE JavaScript stealer.
Researchers first detected the NerbianRAT for Windows in 2022, while the "Sloppily compiled" Linux variant was first seen in May 2022 and "Barely has any protective measures".
NerbianRAT is a remote access trojan that, after a successful exploitation, is deployed together with its simplified version, MiniNerbian, a Linux backdoor used for command execution.
The group has been quick to adopt 1-day vulnerabilities to deliver their custom Linux malware, and those tools have operated under the radar as they mostly reside on edge devices, the researchers noted.
News URL
https://www.helpnetsecurity.com/2024/03/12/custom-linux-malware/
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)