This new Linux rootkit malware has already begun to hunt unsuspecting victims

A new rootkit has been developed that is capable of both loading and hiding dangerous programs on Linux computers.

It is also in an early stage of active development, so it is unclear whether it will grow into a full-fledged threat.

The rootkit, known as Syslogk, is based on an older open-source rootkit known as Adore-Ng.

ELF:Rekoob, or Rekoobe as it is more often known, is one such payload identified by Avast’s researchers. This malware is a C-based backdoor trojan. Syslogk can install it on a compromised endpoint and leave it dormant until the malware’s operators send it a “magic packet.” The infection may be started and stopped using the magic packet.

Rekoobe itself is based on TinyShell, BleepingComputer explains, which is also open-source and widely available. It is used to execute commands, meaning this is where the damage gets dealt: threat actors use Rekoobe to steal files, exfiltrate sensitive information, take over accounts, and so on.

“We observed that the Syslogk rootkit (and Rekoobe payload) perfectly align when used covertly in conjunction with a fake SMTP server,” Avast explained in a blog post. “Consider how stealthy this could be; a backdoor that does not load until some magic packets are sent to the machine. When queried, it appears to be a legitimate service hidden in memory, hidden on disk, remotely ‘magically’ executed, hidden on the network. Even if it is found during a network port scan, it still seems to be a legitimate SMTP server.”
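The hiding described above (a process that is "hidden in memory" and "hidden on disk") is the kind of thing a kernel rootkit in the Adore-Ng lineage achieves by filtering what a directory listing of /proc returns. One classic defender check is a cross-view comparison: enumerate PIDs by listing /proc, then probe every possible PID directly and see which ones the kernel still acknowledges. The script below is an added example written for this article; it is not code from Avast, from the rootkit, or from any tool the article names. It assumes a Linux-style procfs at /proc and uses signal 0 as the probe; thread IDs are filtered out via the Tgid line of /proc/<pid>/status so that ordinary threads are not reported as hidden processes.

```python
"""Cross-view hidden-process check (added example, not from the article).

View 1: PIDs returned by a directory listing of /proc.
View 2: PIDs the kernel acknowledges when probed with kill(pid, 0).
A rootkit that only filters readdir() on /proc hides entries from view 1
but usually not from view 2.  Anything present in view 2 but absent from
view 1 is reported as a candidate hidden process.
"""
import os

PROC = "/proc"  # assumption: a Linux-style procfs mount


def list_proc_pids(proc_root=PROC):
    """PIDs visible through a plain directory listing of proc_root."""
    try:
        names = os.listdir(proc_root)
    except FileNotFoundError:
        return set()
    return {int(n) for n in names if n.isdigit()}


def parse_tgid(status_text):
    """Extract the thread-group id from the text of /proc/<pid>/status.
    Returns None if no Tgid line is present."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split(":", 1)[1].strip())
    return None


def is_thread_group_leader(pid, proc_root=PROC):
    """True if pid is a real process (Tgid == pid), False if it is a thread,
    None if /proc/<pid>/status cannot be read at all."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as f:
            tgid = parse_tgid(f.read())
    except (FileNotFoundError, PermissionError, ProcessLookupError):
        return None
    return tgid == pid


def probe_pids(max_pid=None, proc_root=PROC):
    """PIDs the kernel acknowledges when each candidate is probed with
    signal 0.  ESRCH (ProcessLookupError) means no such id; EPERM
    (PermissionError) means it exists but belongs to someone else, so it
    still counts as present.  Threads are dropped via their Tgid; ids whose
    status file is unreadable are kept, since that itself is suspicious."""
    if max_pid is None:
        try:
            with open(os.path.join(proc_root, "sys/kernel/pid_max")) as f:
                max_pid = int(f.read())
        except (FileNotFoundError, ValueError):
            max_pid = 32768  # fallback: the historical default pid_max
    present = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, just not ours
        if is_thread_group_leader(pid, proc_root) is not False:
            present.add(pid)
    return present


def hidden_pids(listed, probed):
    """Candidates that answer a probe but do not appear in the listing.
    Pure set logic so it can be exercised on constructed data."""
    return sorted(probed - listed)


if __name__ == "__main__":
    listed = list_proc_pids()
    probed = probe_pids()
    suspects = hidden_pids(listed, probed)
    if not suspects:
        print("no hidden processes found by cross-view check")
    for pid in suspects:
        print(f"possible hidden process: pid {pid}")
```

Run it as root for the most complete view; probing every id up to pid_max (often 4194304 on current kernels) takes a few seconds. A rootkit that hooks both the readdir and the lookup paths of procfs, or the kill syscall itself, can evade this check, so treat an empty result as "nothing found by this method" rather than as a clean bill of health.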

The malware is also easier to detect at this stage, meaning crooks need to be extra careful when deploying and running the second stage of their attack.
