New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. “PUMAKIT is a sophisticated loadable kernel module (LKM) Read more…
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor Normally, Secure Boot prevents the UEFI from running all subsequent files unless they bear a digital signature certifying those files are trusted by the device maker. The exploit bypasses this protection by injecting shell code stashed in a malicious bitmap Read more…
Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That’s according to findings from cybersecurity firm ESET based Read more…
Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be Read more…
New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus Nov 08, 2024Ravie LakshmananMalware / Virtualization Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The “intriguing” Read more…
North Korean hackers use newly discovered Linux malware to raid ATMs The malware resides in the userspace portion of the interbank switch connecting the issuing domain and the acquiring domain. When a compromised card is used to make a fraudulent translation, FASTCash tampers with the messages the switch receives from Read more…
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists Oct 15, 2024Ravie LakshmananFinancial Fraud / Linux North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is “installed Read more…
Thousands of Linux systems infected by stealthy malware since 2021 This Reddit comment posted to the CentOS subreddit is typical. An admin noticed that two servers were infected with a cryptocurrency hijacker with the names perfcc and perfctl. The admin wanted help investigating the cause. “I only became aware of Read more…
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking Oct 03, 2024Ravie LakshmananLinux / Malware Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. “Perfctl is particularly elusive and Read more…
ModTracer – ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again. Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/Imperius Download ModTracer https://www.kitploit.com/2024/09/modtracer-modtracer-finds-hidden-linux.html [ad_2]