
This 'evasive' new Linux malware creates a backdoor to steal passwords and more

Jul, 08, 2022 Hi-network.com


A newly uncovered form of Linux malware creates a backdoor into infected machines and servers, allowing cyber criminals to secretly steal sensitive information while also maintaining persistence on the network. 

Detailed by cybersecurity researchers at Intezer, the previously undetected malware has been called Orbit after filenames it used to temporarily store the output of executed commands.


Linux is a popular operating system for servers and cloud infrastructure, which makes it a tempting target for cyber criminals.


Orbit malware provides cyber criminals with remote access to Linux systems, allowing them to steal usernames and passwords and log TTY commands (the inputs made in the Linux terminal).

In addition, the malware can infect running processes on the machine, ultimately giving the hackers the control of the system they need to monitor and steal information, while also maintaining a backdoor to the compromised systems.

Once installed, Orbit sets up a remote connection to the machine and hooks functions in the Linux Pluggable Authentication Module (PAM). By doing this, the malware can steal information from SSH (Secure Shell Protocol) connections, providing remote access to the attackers while also hiding network activity from the victim.

Orbit is also designed to be highly persistent, making it hard to remove from an infected machine while running. It does this by adding instructions that the malware should be loaded before any other processes. 

The malware is also set up to evade detection: it manipulates outputs so that information that could reveal the existence of Orbit, or detail its malicious activity, is not shown.
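A defender-side check for the persistence described above, as an added example that is not from the article or from Intezer: it assumes the "load before anything else" instruction lives in the dynamic linker's preload list, `/etc/ld.so.preload`, which the article does not name. Because the malware manipulates output on a running host, the function takes a root path so it can be pointed at a mounted disk image; `TRUSTED_DIRS`, the allowlist and all sample paths are constructed.

```python
import os
import re
import stat
import tempfile

TRUSTED_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")  # assumption: site policy

def parse_preload(text):
    """Return the library paths listed in ld.so.preload content."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # '#' starts a comment
        entries += [e for e in re.split(r"[\s:]+", line) if e]
    return entries

def audit_preload(root="/", allowlist=()):
    """Inspect <root>/etc/ld.so.preload; root may be a mounted disk image."""
    try:
        with open(os.path.join(root, "etc/ld.so.preload"), errors="replace") as fh:
            entries = parse_preload(fh.read())
    except FileNotFoundError:
        return []  # no preload list, so nothing is forced into every process
    findings = []
    for lib in entries:
        reasons = []
        if lib not in allowlist:
            reasons.append("not in allowlist")
        if not lib.startswith(tuple(d + "/" for d in TRUSTED_DIRS)):
            reasons.append("outside trusted library directories")
        target = os.path.join(root, lib.lstrip("/"))
        if not os.path.exists(target):
            reasons.append("file not visible on disk")
        elif os.stat(target).st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if reasons:
            findings.append((lib, reasons))
    return findings

def demo():
    """Constructed sample: a fake root with one approved and one unknown entry."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "usr/lib"))
        approved = os.path.join(root, "usr/lib/libapproved.so")
        open(approved, "w").close()
        os.chmod(approved, 0o644)
        with open(os.path.join(root, "etc/ld.so.preload"), "w") as fh:
            fh.write("/usr/lib/libapproved.so  # constructed\n/opt/example/libunknown.so\n")
        return audit_preload(root, allowlist=("/usr/lib/libapproved.so",))
```

An entry that is listed but "not visible on disk" is worth attention in its own right when the check runs on a live host, since hidden files are one way output can be manipulated.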

"Unlike other threats, this malware steals information from different commands and utilities and stores them in specific files on the machine," said Nicole Fishbein, security researcher at Intezer. 

"Threats that target Linux continue to evolve while successfully staying under the radar of security tools, now Orbit is one more example of how evasive and persistent new malware can be," she added. 

Cloud services and servers can be misconfigured by mistake, providing unauthorised intruders with access to systems. Businesses should ensure that their cloud setup is properly managed to avoid weak points like this that could allow attackers into networks.
