- Unit 42 has discovered a new Linux malware
- Auto-color can give attackers full access to compromised endpoints
- The initial infection vector is unknown, but universities and governments have been hit
Universities and government offices in North America and Asia are being targeted by a brand new Linux backdoor called "Auto-color", experts have said.
Cybersecurity researchers from Palo Alto Networks' Unit 42 revealed that in early November 2024 they came across a backdoor that is relatively hard to detect and impossible to remove without specialized software.
The backdoor is capable of opening a reverse shell to give attackers full remote access, of executing arbitrary commands on the target system, modifying local files, acting as a proxy, and dynamically modifying its own configuration. The malware also ships with a kill switch, which allows the threat actors to remove all evidence of the compromise and thus make analysis and forensics more difficult.
Dangerous threat
Given its advanced evasion features and its long list of dangerous capabilities, Auto-color has been described as a very dangerous threat. However, Unit 42 could not attribute it to a known threat actor, and it did not want to discuss the victims in more detail. We therefore do not know how many organizations have been infected, or what the ultimate objective of the campaign is.
Also unknown is how the victims were infected in the first place. Unit 42 says the initial infection vector is unknown, but added that it must start with the victim running a file on the target system. The file usually has a benign-looking name, such as "door", "log" or "egg".
Linux malware is becoming more sophisticated and widespread because of the growing adoption of Linux in cloud computing, corporate servers and IoT devices. Cybercriminals are moving beyond traditional Windows targets to include Linux environments, exploiting misconfigurations, unpatched vulnerabilities and weak security practices.
The rise of malware-as-a-service (MaaS) and automated attack tools is also making Linux-based threats more effective.
Via BleepingComputer