Warning of new dangerous malware attack campaign targeting Linux
Experts from security firm ESET recently discovered a new Linux backdoor called WolfsBane, which is being used by the China-linked Gelsemium APT hacker group to conduct malicious activities.
Experts from security firm ESET have recently discovered a new Linux backdoor called WolfsBane, which is being used by the China-linked Gelsemium APT hacker group to carry out malicious operations. This is also the first documented case of Gelsemium using Linux malware. The backdoor is designed to steal sensitive data, including system information, user credentials, and specific files and folders.
WolfsBane is actually the Linux version of Gelsevirine, a Windows backdoor that Gelsemium has been using since 2014. The backdoor is delivered by a dropper that masquerades as a 'standard auth' command scheduler. Once executed, the dropper installs the WolfsBane launcher and backdoor on the target system. The launcher is disguised as a KDE desktop component, while the backdoor is disguised as a system service.
The WolfsBane backdoor communicates with its command and control (C&C) server over a custom network protocol. It can run commands, download files, and upload files to the C&C server. WolfsBane can also hide its presence on the system by modifying the system's configuration files.
In addition to WolfsBane, ESET researchers have identified another Linux backdoor, called FireWood, that is related to the Project Wood malware. Gelsemium previously used Project Wood as a Windows backdoor. FireWood is the Linux version of Project Wood and is also designed to steal sensitive information from the target system.
Researchers believe the shift to Linux malware is due to improvements in Windows endpoint security. As a result, threat actors are exploring new attack vectors, increasingly focusing on exploiting vulnerabilities in internet-connected systems, most of which run on Linux.
The discovery of WolfsBane and FireWood is a reminder that internet-connected Linux systems are now fundamentally vulnerable. Organizations and businesses must understand the dangers posed by Linux malware and take the necessary security measures to protect their systems. This includes using strong passwords, keeping software up to date, and being cautious when downloading and running unfamiliar files.
By Marvin Fry