Warning of new dangerous malware attack campaign targeting Linux
Experts from security firm ESET have recently discovered a new Linux backdoor called WolfsBane, which is being used by the China-linked Gelsemium APT hacker group to carry out malicious operations. This is also the first documented case of Gelsemium using Linux malware. The backdoor is designed to steal sensitive data, including system information, user credentials, and specific files and folders.
WolfsBane is actually the Linux version of Gelsevirine, a Windows backdoor that Gelsemium has been using since 2014. The backdoor is delivered using a dropper that masquerades as a 'standard auth' command scheduler. Once executed, the dropper installs the WolfsBane launcher and backdoor on the target system. The launcher is disguised as a KDE desktop component, while the backdoor is hidden as a system service.
The WolfsBane backdoor communicates with the command and control (C&C) server via a custom network protocol. It can run commands, download files, and upload them to the C&C server. WolfsBane can also hide its presence on the system by modifying the system's configuration files.
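The report describes the launcher posing as a KDE desktop component and the backdoor as a system service. As an added defender-side example (not ESET's or the article's code), the following audit parses XDG autostart entries and systemd units and flags any whose executable lives outside package-managed directories or under a hidden path; the trusted prefixes, the directories scanned and the sample entries are my own assumptions, not WolfsBane artifacts.

```python
"""Audit autostart (.desktop) entries and systemd units for suspiciously placed executables."""
import re
from pathlib import Path
from typing import Dict, List, Optional

# Assumption: directories where package-managed binaries normally live.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/sbin/", "/usr/lib/", "/usr/libexec/",
                    "/bin/", "/sbin/", "/usr/local/bin/")

def extract_exec(unit_text: str) -> Optional[str]:
    """Return the program path from an Exec= (.desktop) or ExecStart= (systemd) line.
    Leading systemd modifiers such as '-', '@', '+', '!' or ':' are skipped."""
    m = re.search(r"^\s*Exec(?:Start)?\s*=\s*[-@+!:]*(\S+)", unit_text, re.M)
    return m.group(1) if m else None

def is_suspicious(program: str) -> bool:
    """Heuristic: relative paths, hidden (dot-prefixed) path components,
    or binaries outside the trusted prefixes are worth a closer look."""
    p = Path(program)
    if not p.is_absolute():
        return True            # resolved via PATH; cannot be pinned to a package
    if any(part.startswith(".") for part in p.parts):
        return True            # hidden directory or file
    return not program.startswith(TRUSTED_PREFIXES)

def audit(entries: Dict[str, str]) -> List[str]:
    """Return the names of entries whose executable is missing or suspicious."""
    flagged = []
    for name, text in entries.items():
        prog = extract_exec(text)
        if prog is None or is_suspicious(prog):
            flagged.append(name)
    return flagged

def audit_live_system() -> List[str]:
    """Scan the usual autostart and unit directories (assumed standard locations)."""
    dirs = [Path.home() / ".config/autostart", Path("/etc/xdg/autostart"),
            Path("/etc/systemd/system"), Path.home() / ".config/systemd/user"]
    entries = {str(f): f.read_text(errors="replace")
               for d in dirs if d.is_dir() for f in d.iterdir() if f.is_file()}
    return audit(entries)

# Constructed sample entries: two benign, two mimicking a desktop component and a service.
SAMPLE_ENTRIES = {
    "org.kde.plasmashell.desktop": "[Desktop Entry]\nType=Application\nExec=/usr/bin/plasmashell\n",
    "kde-session-helper.desktop": "[Desktop Entry]\nExec=/home/user/.config/kde/.helper --daemon\n",
    "display-manager.service": "[Unit]\nDescription=Display manager\n[Service]\nExecStart=/opt/.cache/dm-daemon\n",
    "cron.service": "[Service]\nExecStart=/usr/sbin/cron -f\n",
}

if __name__ == "__main__":
    for name in audit(SAMPLE_ENTRIES):
        print("suspicious:", name)
```

Run `audit_live_system()` on a real host to review its own entries; a flagged entry is a lead for manual inspection (package ownership, file timestamps), not proof of compromise.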
In addition to WolfsBane, ESET researchers have identified another Linux backdoor, called FireWood, that is related to the Project Wood malware. Gelsemium previously used Project Wood as a Windows backdoor. FireWood is the Linux version of Project Wood and is also designed to steal sensitive information from the target system.
Researchers believe the shift to Linux malware is due to improvements in Windows endpoint security. As a result, threat actors are exploring new attack vectors, increasingly focusing on exploiting vulnerabilities in internet-connected systems, most of which run on Linux.
The discovery of WolfsBane and FireWood is a reminder that internet-facing Linux systems are now squarely in attackers' sights. Organizations and businesses must understand the dangers posed by Linux malware and take the necessary security measures to protect their systems. This includes using strong passwords, keeping software up to date, and being cautious about which files they download and run.