A new Linux malware has been found that steals sensitive data from infected endpoints while the device is running, evading antivirus detection systems. Its distinguishing feature is that it aggressively hooks shared libraries on infected machines, which lets it take control of the machine while bypassing detection systems during data theft and while setting up an SSH backdoor.
The malware strains are ‘LD_PRELOAD’, BPFDoor and Syslogk. According to the technology site BleepingComputer, these strains have recently been found to be quite active in threat actors’ operations on the Linux platform. They behave like parasites across the whole system. BPFDoor was able to hide from antivirus detection systems for five years because it disguised itself with the name of a common Linux daemon.
Researchers at the antivirus maker Avast say the Syslogk malware is based on an old open-source rootkit called Adore-NG.
Nicole Fishbein, a researcher at Intezer Labs, says the malware uses “advanced evasion techniques” and hooks key functions to take control of the machine, allowing the threat actor to gain access over Secure Shell (SSH), harvest user credentials and intercept TTY commands.
Researchers at the same cybersecurity firm say the malware, which they dubbed ‘OrBit’, hijacks shared libraries, rather than relying on the LD_PRELOAD environment variable, to intercept function calls across the system. Once installed, the malware infects all running processes on the machine, including newly started ones.
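As an added defensive example (not code from the article or from the researchers it cites), the script below parses a process’s /proc/<pid>/environ and /proc/<pid>/maps to flag an LD_PRELOAD setting and any shared object mapped from outside the system library directories, which is the kind of library hijacking described above. The sample environ and maps contents, the hook-library path and the trusted-directory list are constructed assumptions.

```python
import os

# Directories from which a normal process is expected to map shared objects (assumption).
TRUSTED_LIB_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

def parse_environ(raw: bytes) -> dict[str, str]:
    """Parse the NUL-separated KEY=VALUE records of /proc/<pid>/environ."""
    records = (r.partition(b"=") for r in raw.split(b"\0") if b"=" in r)
    return {k.decode(errors="replace"): v.decode(errors="replace") for k, _, v in records}

def mapped_shared_objects(maps_text: str) -> list[str]:
    """Return the distinct .so paths mapped into a process, from /proc/<pid>/maps."""
    paths: list[str] = []
    for line in maps_text.splitlines():
        fields = line.split(maxsplit=5)          # path is the optional sixth field
        if len(fields) == 6 and ".so" in fields[5] and fields[5] not in paths:
            paths.append(fields[5])
    return paths

def audit_process(environ_raw: bytes, maps_text: str) -> list[str]:
    """Flag LD_PRELOAD in the environment and .so files mapped from untrusted paths."""
    findings = []
    preload = parse_environ(environ_raw).get("LD_PRELOAD")
    if preload:
        findings.append(f"LD_PRELOAD set: {preload}")
    for so in mapped_shared_objects(maps_text):
        if not so.startswith(TRUSTED_LIB_PREFIXES):
            findings.append(f"untrusted shared object mapped: {so}")
    return findings

def audit_live_system() -> dict[int, list[str]]:
    """Run audit_process over every readable process in /proc on this host."""
    results = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            env_raw = open(f"/proc/{pid}/environ", "rb").read()
            maps = open(f"/proc/{pid}/maps").read()
        except OSError:            # process exited, or not ours to read
            continue
        if hits := audit_process(env_raw, maps):
            results[int(pid)] = hits
    return results

# Constructed sample: an sshd-like process with an injected hook library (not real data).
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.cache/libhook.so\0HOME=/root\0"
SAMPLE_MAPS = (
    "55d1c0a00000-55d1c0a1b000 r-xp 00000000 08:01 1234 /usr/sbin/sshd\n"
    "7f3a1e000000-7f3a1e1b0000 r-xp 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f3a1e200000-7f3a1e205000 r-xp 00000000 08:01 9012 /tmp/.cache/libhook.so\n"
)
```

A hook library placed inside a trusted directory, or loaded by a mechanism other than the environment variable, is not caught by this check; comparing mapped libraries against the package manager’s file lists covers that case.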