New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

Jul 21, 2022 | Ravie Lakshmanan

A never-before-seen Linux malware has been dubbed a “Swiss Army Knife” for its modular architecture and its capability to install rootkits.

This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems.

“The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer researcher Ryan Robinson said in a new report published today.

Central to the malware is a downloader (“kbioset”) and a core (“kkdmflush”) module, the former of which is engineered to retrieve at least seven different plugins from a remote server that are subsequently invoked by the core component.

In addition, the downloader is also responsible for establishing the persistence of the framework’s main module. “The main function of the downloader module is to fetch the other components and execute the core module,” Robinson noted.

The core module, for its part, establishes contact with the command-and-control (C2) server to fetch the commands required to execute the plugins, while also taking care to hide its own presence on the compromised machine.

Some of the notable commands received from the server allow the malware to fingerprint the machine, run shell commands, upload files to the C2 server, write arbitrary data to a file, and even update and remove itself from the infected host.

It further sets up persistence by creating an initialization script that is executed upon system boot, effectively allowing the downloader to be automatically relaunched.

“The Lightning Framework is an interesting malware as it’s not common to see such a large framework developed for targeting Linux,” Robinson pointed out.

The discovery of Lightning Framework makes it the fifth Linux malware strain to be unearthed in a short period of three months, after BPFDoor, Symbiote, Syslogk, and OrBit.
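The boot-time persistence described above leaves a concrete artifact a defender can hunt for: an init script that starts a binary from somewhere no packaged service would live. The following Python script is an added example, not code from Intezer or The Hacker News. It scans init-script contents, flags any command that references the two file names the report gives for the downloader and core module, and flags any executable launched from outside a set of trusted directories. The trusted-directory list, the wrapper-command list and the three sample scripts are constructed assumptions for the example; a real deployment would read `/etc/init.d/*`, `/etc/rc.local` and systemd `ExecStart=` lines instead of the inline samples.

```python
"""Hunt for boot-time persistence of the kind the article describes: an init
script that launches an unexpected binary at system start.  Added example,
not code from Intezer or The Hacker News."""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, Iterator, List

# File names of the downloader and core module as reported in the article.
KNOWN_COMPONENT_NAMES = {"kbioset", "kkdmflush"}

# Assumption: a packaged service is started from one of these directories;
# anything launched from elsewhere (/tmp, a hidden directory, ...) is flagged.
TRUSTED_EXEC_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                     "/usr/lib/", "/usr/libexec/", "/lib/")

# Wrapper commands that may precede the real executable on a line (assumed list).
WRAPPERS = {"exec", "nohup", "setsid", "sudo", "env"}

# Split a shell line into simple commands on ';', '|', '||', '&&' and a
# trailing '&'; the '&' inside a redirection such as '2>&1' is left alone.
SPLIT_RE = re.compile(r"\s*(?:&&|\|\||;|\|)\s*|\s*&\s*$")


@dataclass(frozen=True)
class Finding:
    script: str
    line: int
    reason: str


def _commands(line: str) -> Iterator[List[str]]:
    """Yield the token list of each simple command found on one shell line."""
    for segment in SPLIT_RE.split(line):
        try:
            tokens = shlex.split(segment, comments=True)
        except ValueError:  # unbalanced quotes: fall back to a crude split
            tokens = segment.split()
        # Drop leading VAR=value assignments and wrapper commands.
        while tokens and (
            ("=" in tokens[0] and not tokens[0].startswith("/"))
            or tokens[0] in WRAPPERS
        ):
            tokens.pop(0)
        if tokens:
            yield tokens


def scan_init_script(name: str, content: str) -> List[Finding]:
    """Return one Finding per command that looks like malicious persistence."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(content.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        for tokens in _commands(raw):
            basenames = {t.rsplit("/", 1)[-1] for t in tokens}
            hit = basenames & KNOWN_COMPONENT_NAMES
            cmd = tokens[0]
            if hit:
                findings.append(Finding(name, lineno,
                    f"references reported Lightning Framework file name: {sorted(hit)[0]}"))
            elif cmd.startswith("/") and not cmd.startswith(TRUSTED_EXEC_DIRS):
                findings.append(Finding(name, lineno,
                    f"launches executable from untrusted location: {cmd}"))
    return findings


def scan_all(scripts: Dict[str, str]) -> Dict[str, List[Finding]]:
    """Scan a mapping of script name -> content; keep only scripts with findings."""
    results: Dict[str, List[Finding]] = {}
    for script_name, content in scripts.items():
        found = scan_init_script(script_name, content)
        if found:
            results[script_name] = found
    return results


# Constructed sample init scripts; none of these are real samples from the report.
SAMPLE_SCRIPTS = {
    "cron": (
        "#!/bin/sh\n"
        "### BEGIN INIT INFO\n"
        "# Provides: cron\n"
        "### END INIT INFO\n"
        ". /lib/lsb/init-functions\n"
        "/usr/sbin/cron start\n"
    ),
    "update-agent": (
        "#!/bin/sh\n"
        "# constructed: a dropped script that relaunches the downloader at boot\n"
        "cd /tmp/.x && nohup /tmp/.x/kbioset >/dev/null 2>&1 &\n"
    ),
    "vendor-agent": (
        "#!/bin/sh\n"
        "/opt/vendor/agent --daemon\n"
    ),
}

if __name__ == "__main__":
    for script, findings in scan_all(SAMPLE_SCRIPTS).items():
        for f in findings:
            print(f"{f.script}:{f.line}: {f.reason}")
```

The third sample shows the heuristic's cost: a legitimate agent under `/opt` is reported too, so `TRUSTED_EXEC_DIRS` has to be tuned per fleet, while the name match against the reported component files is the high-confidence signal.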

Source: https://thehackernews.com/2022/07/new-linux-malware-framework-let.html
