- Unit 42 has discovered a new Linux malware
- Auto-Color can give attackers full access to compromised endpoints
- The initial infection vector is unknown, but universities and governments have been hit
Universities and government offices in North America and Asia are being targeted by a new Linux backdoor called "Auto-Color", researchers have said.
Cybersecurity researchers at Palo Alto Networks' Unit 42 revealed that, in early November 2024, they found a backdoor that is relatively difficult to detect and very hard to remove without specialized software.
The backdoor can open a reverse shell to give attackers full remote access, execute arbitrary commands on the target system, manipulate local files, act as a proxy, or dynamically modify its own configuration. The malware also ships with a kill switch, which lets threat actors wipe all evidence of compromise and thus hinder analysis and forensics.
Dangerous threat
Given its advanced obfuscation features and long list of dangerous capabilities, Auto-Color was described as a very dangerous threat. However, Unit 42 could not attribute it to any known threat actor and did not want to discuss the victims in more detail. We therefore do not know how many organizations were infected, or what the ultimate goal of the campaign is.
Also unknown is how the victims were infected in the first place. Unit 42 says the initial infection vector is unknown, but adds that the chain has to start with the victim running a file on the target system. The file usually carries a benign name, such as "door", "log" or "egg".
Linux malware is becoming more sophisticated and more widespread as Linux adoption grows in cloud computing, enterprise servers and IoT devices. Cybercriminals are shifting their focus from traditional Windows targets to include Linux environments, exploiting misconfigurations, unpatched vulnerabilities and weak security practices.
The rise of malware-as-a-service (MaaS) and automated attack tools is also making Linux-based threats more effective.
Via BleepingComputer