Search cyberveille.decio.ch

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs

OUTLAW is a persistent yet unsophisticated auto-propagating coinminer package observed across multiple versions over the past few years [1], [2], [3], [4]. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics such as SSH brute-forcing, SSH key and cron-based persistence, and manually modified commodity miners and IRC channels. This persistence highlights how botnet operators can achieve widespread impact without relying on sophisticated techniques.

#elastic #EN #2025 #OUTLOW #linux #malware #analisys

·elastic.co·Apr 6, 2025

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs

FASTCash for Linux

Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.

#doubleagent #EN #2024 #analysis #Linux #DPRK #FASTCash #malware

·doubleagent.net·Oct 21, 2024

FASTCash for Linux

perfctl: A Stealthy Malware Targeting Millions of Linux Servers

Perfctl is particularly elusive and persistent malware employing several sophisticated techniques

#aquasec #EN #2024 #research #Stealthy #Malware #Linux #Servers #perfctl

·aquasec.com·Oct 6, 2024

perfctl: A Stealthy Malware Targeting Millions of Linux Servers

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.

#aon #EN #2024 #sedexp #Linux #Malware #udev #Rules

·aon.com·Aug 25, 2024

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

XZ backdoor behavior inside OpenSSH

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

#securelist #EN #2024 #Backdoor #Cyber-espionage #Linux #Malware #Malware-Descriptions #Malware-Technologies #SSH #Targeted-attacks #XZ

·securelist.com·Jun 24, 2024

XZ backdoor behavior inside OpenSSH

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Kaspersky analysis of the backdoor in XZ

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

#securelist #EN #2024 #Backdoor #Cyber-espionage #Linux #Malware #analysis #Malware-Descriptions #Malware-Technologies #SSH #XZ

·securelist.com·Apr 13, 2024

Kaspersky analysis of the backdoor in XZ

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Trojanized Free Download Manager found to contain a Linux backdoor

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

#securelist #EN #2023 #Backdoor #Linux #Malware #Supply-chain-attack #Download-Manager

·securelist.com·Sep 14, 2023

Trojanized Free Download Manager found to contain a Linux backdoor

AVrecon malware infects 70,000 Linux routers to build botnet

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

#bleepingcomputer #EN #2023 #AVrecon #Botnet #Linux #Malware #RAT #Router

·bleepingcomputer.com·Jul 15, 2023

AVrecon malware infects 70,000 Linux routers to build botnet

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

GobRAT malware written in Go language targeting Linux routers

JPCERT/CC has confirmed attacks that infected routers in Japan with malware around February 2023. This blog article explains the details of the attack confirmed by JPCERT/CC and GobRAT malware, which was used in the attack. ### Attack flow up to...

#jpcert #EN #20233 #GobRAT #malware #analysis #Linux #routers #Go

·blogs.jpcert.or.jp·Jun 5, 2023

GobRAT malware written in Go language targeting Linux routers