Security News > 2024 > March > Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems.

Magnet Goblin - as the threat actor has been dubbed by Check Point researchers - has been targeting unpatched edge devices and public-facing servers for years.

The threat actor commonly deploys custom malware, specifically NerbianRAT, MiniNerbian, and the WARPWIRE JavaScript stealer.

Researchers first detected the NerbianRAT for Windows in 2022, while the "Sloppily compiled" Linux variant was first seen in May 2022 and "Barely has any protective measures".

NerbianRAT is a remote access trojan that, after a successful exploitation, is deployed together with its simplified version, MiniNerbian, a Linux backdoor used for command execution.

The group has been quick to adopt 1-day vulnerabilities to deliver their custom Linux malware, and those tools have operated under the radar as they mostly reside on edge devices, the researchers noted.

News URL

https://www.helpnetsecurity.com/2024/03/12/custom-linux-malware/