Security News
New botnet and cryptominer Panchan attacking Linux servers. Akamai Security Research announced on Wednesday it has uncovered a new botnet attacking the Linux servers of telecom and education providers in Asia, Europe and the Americas.
A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.
A new Linux malware that's "Nearly impossible to detect" can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. The name is an homage to how the malware operates, which is differently than other Linux malware that researchers have encountered, Kennedy explained.
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security researchers David Álvarez and Jan Neduchal said in a report published Monday.
A new Linux rootkit malware named 'Syslogk' is being used in attacks to hide malicious processes, using specially crafted "Magic packets" to awaken a backdoor laying dormant on the device. Syslogk can force-load its modules into the Linux kernel, hide directories and network traffic, and eventually load a backdoor called 'Rekoobe.
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up.
We still had some interesting ransomware reports released this week. Advanced Intel released a deep dive on BlackCat/AlphV, revealing some of the technical details of the ransomware operation.
Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file. Analysis of the Symbiote malware and its behavior suggest it may have been developed in Brazil.
Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. "What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object library that is loaded into all running processes using LD PRELOAD, and parasitically infects the machine," the researchers pointed out.
Cybersecurity researchers have taken the wraps off what they call a "Nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite.