• A whole new kind of Linux malware has been found in the wild

    From TechnologyDaily@1337:1/100 to All on Mon Dec 11 16:15:05 2023
    A whole new kind of Linux malware has been found in the wild

    Date:
    Mon, 11 Dec 2023 16:01:08 +0000

    Description:
    Linux Remote Access Trojan identified after two years under the radar, currently targeting telecoms in Thailand.

    FULL STORY ======================================================================

    A new type of Linux malware has been identified after going unnoticed for two years thanks to work by cybersecurity researchers from Group-IB.

    The newly uncovered Linux Remote Access Trojan (RAT), Krasue, was first registered on VirusTotal, and has since been targeting primarily telecommunications companies in Thailand.

    Group-IB says that Krasue poses a severe risk to critical systems and sensitive data because attackers can access a targeted network remotely.

    Krasue Linux RAT

    The cybersecurity analysts say that the malware contains several embedded rootkits, drawn from public sources, meaning that the RAT can support different Linux kernel versions.

    However, Group-IB is yet to determine Krasue's initial infection vector. So far, vulnerability exploitation, credential brute-force attacks, and unwitting downloads as part of deceptive packages are all being considered.

    Instead, the cybersecurity company says it's disclosing the limited information it has at this point in order to prime Thai telecommunications companies so that they can be better prepared to secure themselves against such attacks. Group-IB has also notified the Thailand Computer Emergency Response Team (ThaiCERT) and the Thailand Telecommunications Sector Computer Emergency Response Team (TTC-CERT).

    After analysis, it looks like the Krasue RAT might have been created by the same author as XorDdos, another Linux Trojan malware with rootkit capabilities for launching large-scale DDoS attacks.

    But specific threat group attribution is hard because the RAT uses code snippets from three different open-source projects (Diamorphine, Suterusu, and Rooty) which have been available for over five years.

    For now, Group-IB promises to continue monitoring the malware's spread, including to other areas outside of Thailand.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-whole-new-kind-of-linux-malware-has-been-found-in-the-wild


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)