Warning of new dangerous malware attack campaign targeting Linux
Researchers at security firm ESET have discovered a new Linux backdoor, WolfsBane, which the China-linked Gelsemium APT group is using to carry out its operations.
It is the first documented case of Gelsemium deploying Linux malware. The backdoor is built to steal sensitive data from the compromised host, including system information, user credentials, and specific files and folders.
WolfsBane is the Linux counterpart of Gelsevirine, a Windows backdoor that Gelsemium has used since 2014. It is delivered by a dropper that masquerades as a command-scheduling tool. Once executed, the dropper installs the WolfsBane launcher and the backdoor itself on the target system. The launcher is disguised as a KDE desktop component, while the backdoor is installed as a system service, which both gives it persistence across reboots and lets it blend in with legitimate services.
The WolfsBane backdoor talks to its command-and-control (C&C) server over a custom network protocol. It can execute commands, download files to the host, and upload files to the C&C server. It also hides its presence on the system by modifying system configuration files.
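The two persistence locations the article describes, a disguised system service and a launcher posing as a desktop component, are where a responder would look first on a suspect Linux host. The following triage script is an added example written for this article, not ESET's tooling and not derived from WolfsBane's code: it walks the systemd unit directories and the XDG autostart directories under a given filesystem root and flags any `ExecStart=` or `Exec=` target that runs from a hidden directory, from scratch or home space, or from outside the directories where packaged binaries normally live. The trusted-directory list, the sample file contents, and every file name in the demo tree are constructed assumptions, not indicators from the report.

```python
"""Triage of Linux persistence locations (systemd units, desktop autostart entries).
Added example for this article; not ESET's tooling. All sample data is constructed."""
import tempfile
from pathlib import Path

# Directories a packaged service or autostart entry normally launches from.
# Assumption: tune this list to the distribution being examined.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/", "/usr/lib/",
                    "/usr/libexec/", "/lib/", "/usr/local/bin/", "/usr/local/sbin/", "/opt/")
# Writable scratch and home space: a binary launched from here by a "system" service is odd.
SCRATCH_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")


def exec_target(value: str) -> str:
    """Return the program path from an ExecStart= (systemd) or Exec= (.desktop) value.
    systemd permits prefix characters such as '-', '@', ':', '+', '!' before the path.
    Limitation: a quoted path containing spaces is truncated at the first space."""
    value = value.strip().lstrip("-@:+!").strip()
    tokens = value.split()
    return tokens[0].strip("\"'") if tokens else ""


def classify(target: str):
    """Return a reason string if the launch target looks out of place, else None."""
    if not target:
        return None
    if not target.startswith("/"):
        return "relative program path"
    if any(part.startswith(".") for part in target.split("/") if part):
        return "hidden path component"
    if target.startswith(SCRATCH_PREFIXES):
        return "runs from scratch or home directory"
    if not target.startswith(TRUSTED_PREFIXES):
        return "outside packaged binary directories"
    return None


def scan_keyfile(path: Path, key: str):
    """Scan one INI-style unit or .desktop file for suspicious values of `key`."""
    findings = []
    for line in path.read_text(errors="replace").splitlines():
        line = line.strip()
        if "=" not in line or line.startswith(("#", ";", "[")):
            continue
        k, _, v = line.partition("=")
        if k.strip() != key:
            continue
        target = exec_target(v)
        reason = classify(target)
        if reason:
            findings.append({"file": str(path), "key": key, "target": target, "reason": reason})
    return findings


def scan_root(root: Path):
    """Scan persistence locations under `root` (Path('/') on a live host, or a mounted image)."""
    findings = []
    for rel in ("etc/systemd/system", "usr/lib/systemd/system", "lib/systemd/system"):
        unit_dir = root / rel
        if unit_dir.is_dir():
            for unit in sorted(unit_dir.glob("*.service")):
                findings.extend(scan_keyfile(unit, "ExecStart"))
    autostart_dirs = [root / "etc/xdg/autostart", root / "root/.config/autostart"]
    autostart_dirs += sorted((root / "home").glob("*/.config/autostart"))
    for d in autostart_dirs:
        if d.is_dir():
            for entry in sorted(d.glob("*.desktop")):
                findings.extend(scan_keyfile(entry, "Exec"))
    return findings


def build_demo_root() -> Path:
    """Construct a throwaway tree with one benign and one suspicious entry of each kind.
    Every name and path below is invented for the demonstration."""
    root = Path(tempfile.mkdtemp(prefix="persist-demo-"))
    files = {
        "etc/systemd/system/sshd.service":
            "[Unit]\nDescription=OpenSSH server\n[Service]\nExecStart=/usr/sbin/sshd -D\n",
        # a "system" service whose binary lives in writable scratch space (constructed)
        "etc/systemd/system/display-managerd.service":
            "[Unit]\nDescription=Display manager\n[Service]\nExecStart=-/var/tmp/dmd --daemon\n",
        "etc/xdg/autostart/org.kde.kgpg.desktop":
            "[Desktop Entry]\nType=Application\nExec=/usr/bin/kgpg\n",
        # a per-user entry named like a desktop component but launched from a dot-folder (constructed)
        "home/alice/.config/autostart/kde-session.desktop":
            "[Desktop Entry]\nType=Application\nExec=\"/home/alice/.kde4/share/.kdesession\" --quiet\n",
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return root


if __name__ == "__main__":
    for f in scan_root(build_demo_root()):
        print(f"{f['reason']:38} {f['file']} -> {f['target']}")
```

Run it against `Path('/')` on a live host or against the mount point of a disk image. The path heuristics are a first pass, not a verdict: a dropper that writes its binary into `/usr/bin` under a plausible name passes this check, so pair the output with package-manager verification of the flagged and unflagged binaries and with a look at the unit's modification time.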
Alongside WolfsBane, ESET researchers identified a second Linux backdoor, FireWood, which is related to Project Wood, a Windows backdoor Gelsemium has used in earlier campaigns. FireWood is the Linux version of Project Wood and is likewise designed to steal sensitive information from the compromised system.
The researchers attribute the move to Linux malware to improvements in Windows endpoint security. As Windows hosts become harder to compromise, threat actors are exploring other attack vectors, increasingly exploiting vulnerabilities in internet-facing systems, most of which run Linux.
The discovery of WolfsBane and FireWood is a reminder that internet-facing Linux systems are an active target rather than a safe harbour. Organisations should treat Linux malware as a real risk and take the corresponding measures: use strong, unique credentials, keep software and especially exposed services patched, avoid running files from untrusted sources, and periodically review persistence locations such as system services and desktop autostart entries for components that do not belong to an installed package.