New Evasive Linux Rootkit Activated Using "Magic Packets"

A new Linux rootkit dubbed "Syslogk" has been discovered by Avast security researchers. It was first identified due to its use of an old open-source rootkit known as "Adore-Ng" targeting Linux 2.x and 3.x systems.

Rootkit malware is much more complicated to write compared to normal malicious code, meaning that it is typically attributed to highly experienced threat actor developers. Less-sophisticated threat actors are forced to reuse code found in open-source repositories such as GitHub to fill the gap caused by their lack of experience. Syslogk was created before newer Linux versions and thus cannot be run on up-to-date systems.

The malware was also linked to the "Rekoobe" malware family, which is known for its ability to act as a legitimate SMTP server. This allows the malware to hide as a common, legitimate service that cannot be detected through a simple port scan. Once a specifically crafted packet is received, the Rekoobe backdoor payload starts, allowing full access to the victim machine through a command-line interface.

The malware author has also implemented a remote shut-off that kills the backdoor to hide itself on the network. The kill switch has multiple security features that prevent unauthorized users from shutting down the connection, such as a hardcoded key.

Syslogk is early in its development stages, and it is unclear whether it will be a widespread threat or a more targeted malware strain. Its highly evasive nature likely means it will be developed further in the future, adding more features and potentially updating to target newer distributions of Linux.

Source: BleepingComputer, Syslogk Rootkit Article.