1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • If you use Linux - watch out for this stealthy new malware

    From TechnologyDaily@1337:1/100 to All on Fri May 12 15:30:03 2023
    If you use Linux - watch out for this stealthy new malware

    Date:
    Fri, 12 May 2023 14:19:46 +0000

    Description:
    A known Linux malware has gotten a major upgrade that makes it invisible to
    AV programs - for now.

    FULL STORY ======================================================================

    Experts have recently discovered an upgraded version of the BPFDoor malware for Linux , thats seemingly harder to spot - and aAs a result, no antivirus programs are still flagging the executable as malicious.

    Cybersecurity researchers from Deep Instinct noted that BPFDoor, which was first discovered in 2022, has been active since at least 2017. The tool got its name from the (ab)use of the Berkley Packet Filter (BPF), which it uses
    to get instructions and bypass any firewalls.

    Its design allows the threat actors to remain undetected on a compromised Linux system for longer periods of time, it was said. BPFDoors key feature is allowing threat actors to see all network traffic and find vulnerabilities,
    as well as sending out remote code through (now) unfiltered and unblocked channels. An eye on network traffic

    Furthermore, BPFDoor is capable of blending malicious traffic with the legitimate one, making detection and remediation even more difficult.

    But given that no antivirus still flag BPFDoor as malicious, system administrators only way of detecting it is to vigorously monitor network traffic and logs, BleepingComputer adds. They should use state-of-the-art endpoint protection solutions, and monitor the file integrity on "/var/run/initd.lock. as thats where BPFDoor creates and locks a runtime before forking itself to run as a child process. Read more

    You're a ransomware victim: Here's 5 things you should do


    The 10 worst ransomware attacks ever


    Check out the best endpoint protection tools right now

    TheHackerNews also claims that BPFDoor is usually used by Red Menshen, a threat actor associated with China. The group, active since 2021, has been mostly targeting Linux operating systems belonging to telecommunications providers in the Middle East and Asia, as well as government organizations, education firms, and logistics companies, it says on Malpedia.

    After gaining initial access, the group would use various custom tools, such as Mangzamel, Gh0st, Mimikatz, and Metasplit.

    Most of the groups activity takes place during workdays and during working hours (9-5, Monday to Friday). Here's our rundown of the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/linux-uses-warned-to-watch-out-for-this-stealth y-new-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)