New Symbiote malware is capable of infecting all processes running on Linux computers
A newly discovered Linux malware called Symbiote poses a serious threat to users: it can infect every process running on a compromised system, steal account credentials and other data, and send them back to its operator.
Once it has infected the running processes, Symbiote acts as a system-wide parasite that leaves no visible sign of infection; even the most in-depth, meticulous inspection cannot detect it.
Symbiote uses BPF (Berkeley Packet Filter) hooking to filter captured network packets and hide its own communication channels from security tools.
Security researchers from BlackBerry and Intezer Labs discovered Symbiote. They worked closely together to analyse every aspect of the malicious code and published their findings in a detailed technical report. According to them, Symbiote has been under active development since last year.
System-wide infection through shared objects
Malicious code is usually spread as an executable file. Symbiote, however, is a shared object (SO) library that is loaded into running processes via the LD_PRELOAD mechanism, which makes the dynamic linker load it before any other shared object.
Because it is loaded first, Symbiote can hook libc and libpcap functions and take various actions to mask its presence, such as hiding the parasitic processes and the files deployed with the malware.
"As it infects processes, the malicious code can choose which results it displays," the researchers said. "If the administrator starts collecting packets on the infected machine to investigate anomalous network traffic, Symbiote will inject itself into the inspection software's process and use BPF hooking to filter out the results that may reveal its activity."
To hide its malicious network activity, Symbiote removes the connection entries it wants to conceal, filters packets via BPF, and drops UDP traffic to the domains on its list.
Backdoor and data theft
Symbiote is mainly used to covertly steal credentials from compromised Linux machines. Aimed at the right Linux servers in large organisations, it can cause serious problems: if an administrator's password is stolen, nothing stands in the way of the infection spreading from machine to machine, and the attacker also gains unlimited access to the entire system.
In addition, Symbiote gives the attacker remote SSH access to the machine via the PAM service and provides a method for gaining root privileges on the system.
Symbiote targets financial entities in Latin America, impersonating banks and the Brazilian federal police.
Because of its sophisticated infection method, Symbiote is difficult to detect, so administrators should pay closer attention to network traffic. Network telemetry can be used to spot unusual DNS requests, and security tools such as anti-virus software and Endpoint Detection and Response (EDR) agents need to be statically linked so that they cannot be infected by the malicious code.
Experts predict that malware with evasion capabilities comparable to Symbiote's will become significantly more common in the near future, so administrators and security engineers should prepare prevention and response plans.
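One concrete check that follows from the LD_PRELOAD loading mechanism described above and from the advice to rely on statically linked tooling: an added example, not code from the BlackBerry/Intezer report, that flags a populated /etc/ld.so.preload (the system-wide form of LD_PRELOAD) and any process whose environment carries LD_PRELOAD. It assumes a Linux host with a readable /proc and is meant to be built with `gcc -static` so that its own libc calls cannot be intercepted; a rootkit that hooks readdir can still hide processes from the /proc walk, so a clean result is one signal, not proof.

```c
// Added example, not code from the BlackBerry/Intezer report. Build: gcc -static -O2 preloadcheck.c
#include <stdio.h>
#include <string.h>
#include <dirent.h>
#include <ctype.h>
/* Constructed sample inputs (placeholder paths, not real indicators). */
static const char CLEAN_ENV[] = "PATH=/usr/bin\0HOME=/root\0";
static const char PRELOAD_ENV[] = "PATH=/usr/bin\0LD_PRELOAD=/tmp/example.so\0HOME=/root\0";
static const char CLEAN_PRELOAD_FILE[] = "# nothing here\n\n";
static const char BAD_PRELOAD_FILE[] = "/usr/lib/example.so\n";
/* Scan a NUL-separated environment block (the format of /proc/PID/environ) for LD_PRELOAD. */
int env_has_ld_preload(const char *env, size_t len) {
    size_t i = 0;
    while (i < len) {
        if (len - i >= 11 && strncmp(env + i, "LD_PRELOAD=", 11) == 0) return 1;
        size_t l = 0; while (i + l < len && env[i + l]) l++;   /* bounded strlen */
        i += l + 1;                                             /* skip value and its NUL */
    }
    return 0;
}
/* Count non-empty, non-comment lines of /etc/ld.so.preload; a clean host has zero. */
int preload_entry_count(const char *text) {
    int n = 0;
    for (const char *p = text; *p; ) {
        while (*p == ' ' || *p == '\t') p++;
        if (*p && *p != '\n' && *p != '#') n++;
        while (*p && *p != '\n') p++;
        if (*p == '\n') p++;
    }
    return n;
}
int main(void) {
    static char buf[65536];                       /* holds one /proc/PID/environ */
    FILE *f = fopen("/etc/ld.so.preload", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f);
        if (preload_entry_count(buf) > 0) printf("ALERT: /etc/ld.so.preload lists:\n%s", buf);
    }
    DIR *d = opendir("/proc"); struct dirent *e;
    while (d && (e = readdir(d)) != NULL) {
        char path[64];
        if (!isdigit((unsigned char)e->d_name[0])) continue;   /* only PID directories */
        snprintf(path, sizeof path, "/proc/%s/environ", e->d_name);
        if (!(f = fopen(path, "r"))) continue;                 /* exited, or not readable by us */
        size_t len = fread(buf, 1, sizeof buf, f); fclose(f);
        if (env_has_ld_preload(buf, len)) printf("ALERT: pid %s has LD_PRELOAD set\n", e->d_name);
    }
    if (d) closedir(d);
    return 0;
}
```

Run it as root so every process's environ is readable; processes the scan cannot open are silently skipped, so compare the number of PIDs visited with what an independent source (for example a statically linked ps) reports.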