This fearsome new Linux malware will send a shudder down the spines of IT professionals
By Mobile Malls, September 12, 2022

A new Linux malware strain capable of several different kinds of nasties has been detected, and it abuses legitimate cloud services to stay hidden in plain sight.

Cybersecurity researchers from AT&T Alien Labs recently discovered the malware and named it Shikitega. It comes with a very tiny dropper (376 bytes) that uses a polymorphic encoder to drop the payload progressively. That means the malware downloads and executes one module at a time, which helps it stay hidden and persistent. The command and control (C2) server for the malware is hosted on a "known hosting service", which makes it stealthier, the researchers said.

Abusing PwnKit

The researchers aren't entirely sure what the malware's authors were trying to achieve. Shikitega is quite potent, as it can run on all kinds of Linux devices, and it lets threat actors control the webcam on the target endpoint as well as steal credentials. Alternatively, it is also capable of running XMRig, a known cryptojacker that mines the Monero cryptocurrency for the attackers. One can only speculate that XMRig was added to make use of compromised devices that hold no sensitive data worth stealing.

The malware relies on two vulnerabilities, both patched months ago, to compromise the devices and achieve persistence. One is PwnKit (CVE-2021-4034), one of the more notorious vulnerabilities, which went undetected for some 12 years before finally being spotted and fixed earlier this year. The other is CVE-2021-3493, discovered and patched more than a year ago (in April 2021).

While there is a fix for both of these holes, the researchers say, many IT administrators have yet to apply them, particularly when it comes to Internet of Things (IoT) devices. The researchers don't yet know who the authors are, and are advising all Linux admins to keep their software up to date, install an antivirus and/or EDR on all endpoints, and make sure they back up their server files.

Via: Ars Technica