Linux systems targeted with dangerous new Chinese malware

Malware’s behaviour indicates that it could be part of an ongoing operation


Security researchers have found a new, sophisticated backdoor malware which they believe is being used to target Linux endpoints and servers.

Dubbed RedXOR because of its peculiar XOR-based network data encoding scheme, the previously undocumented backdoor was disclosed by a pair of researchers at Intezer. Furthermore, based on its Tactics, Techniques, and Procedures (TTPs), Intezer believes RedXOR is the work of high-profile Chinese threat actors.

“2020 set a record for new Linux malware families. New malware families targeting Linux systems are being discovered on a regular basis. Backdoors attributed to advanced threat actors are disclosed less frequently,” note the researchers while sharing details about RedXOR.

Active operation

Linux systems are under constant attack because Linux powers the majority of public cloud workloads, the researchers observe. This puts Linux in the crosshairs of all kinds of threat groups, and RedXOR is just part of this trend.

“Some of the most prominent nation-state actors are incorporating offensive Linux capabilities into their arsenal and it’s expected that both the number and sophistication of such attacks will increase over time,” says a 2020 report by Intezer.

While investigating the backdoor, the researchers noticed that its Command and Control (C&C) server came online intermittently, which led them to conclude that the backdoor is still in active use.

According to the researchers, samples of the malware were uploaded from Indonesia and Taiwan, which are some of the usual targets for Chinese threat actors. They also noticed similarities between RedXOR and earlier malware by the known Chinese state-sponsored Winnti threat group.

During their analysis of the samples, the researchers discovered that they were compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, which suggests that RedXOR is designed to target legacy Linux systems.
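The compiler-provenance clue above is something defenders can verify on their own samples, because GCC records its version string in the ELF `.comment` section. The following Python is an added illustration, not code from the article or from Intezer's analysis: it walks an ELF64 file's section headers, extracts the `.comment` strings, and flags a binary built with an old toolchain. The minimal ELF builder, the sample comment string and the "legacy" version threshold are constructed assumptions for the demo, not values taken from the RedXOR samples.

```python
import re
import struct

# ELF64 header and section-header layouts (from the ELF specification).
EHDR_FMT = "16sHHIQQQIHHHHHH"   # 64 bytes
SHDR_FMT = "IIQQQQIIQQ"         # 64 bytes
SHT_PROGBITS, SHT_STRTAB = 1, 3

# Constructed sample in GCC's usual .comment format; not from a RedXOR sample.
SAMPLE_COMMENT = b"GCC: (GNU) 4.4.7 20120313 (Red Hat 4.4.7-23)\0"


def build_elf_with_comment(comment, endian="<"):
    """Construct a minimal ELF64 blob carrying a .comment section (test fixture only).

    Real binaries have code, program headers and many more sections; this fixture
    keeps only what a section walker needs: an ELF header, the .comment payload,
    a section-name string table and three section headers.
    """
    shstrtab = b"\0.comment\0.shstrtab\0"          # name offsets: .comment=1, .shstrtab=10
    comment_off = 64                               # payload follows the ELF header
    shstr_off = comment_off + len(comment)
    shoff = (shstr_off + len(shstrtab) + 7) & ~7   # 8-byte aligned section-header table
    e_ident = b"\x7fELF" + bytes([2, 1 if endian == "<" else 2, 1, 0]) + b"\0" * 8
    ehdr = struct.pack(endian + EHDR_FMT, e_ident, 2, 62, 1, 0, 0, shoff,
                       0, 64, 56, 0, 64, 3, 2)     # 3 sections, shstrtab is index 2
    body = comment + shstrtab
    body += b"\0" * (shoff - 64 - len(body))

    def shdr(name_off, sh_type, off, size):
        return struct.pack(endian + SHDR_FMT, name_off, sh_type, 0, 0, off, size, 0, 0, 1, 0)

    return ehdr + body + (shdr(0, 0, 0, 0)
                          + shdr(1, SHT_PROGBITS, comment_off, len(comment))
                          + shdr(10, SHT_STRTAB, shstr_off, len(shstrtab)))


def read_comment_strings(data):
    """Return the NUL-separated strings in an ELF64 file's .comment section."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2:
        raise ValueError("only ELF64 is handled here")
    endian = "<" if data[5] == 1 else ">"
    ehdr = struct.unpack_from(endian + EHDR_FMT, data, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = ehdr[6], ehdr[11], ehdr[12], ehdr[13]
    shdrs = [struct.unpack_from(endian + SHDR_FMT, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    # Section names live in the section-name string table (index e_shstrndx).
    names_off, names_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    names = data[names_off:names_off + names_size]
    for sh in shdrs:
        name = names[sh[0]:names.index(b"\0", sh[0])]
        if name == b".comment":
            blob = data[sh[4]:sh[4] + sh[5]]
            return [s.decode("utf-8", "replace") for s in blob.split(b"\0") if s]
    return []


GCC_RE = re.compile(r"GCC: \((?P<vendor>[^)]*)\) (?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?")


def toolchain_info(comment_strings):
    """Pull the GCC version (and whether it is a Red Hat packaged build) out of .comment."""
    for s in comment_strings:
        m = GCC_RE.search(s)
        if m:
            return {
                "vendor": m["vendor"],
                "version": (int(m["major"]), int(m["minor"]), int(m["patch"] or 0)),
                "red_hat_build": "red hat" in s.lower(),
                "raw": s,
            }
    return None


def is_legacy_toolchain(info, oldest_current=(4, 8, 0)):
    """Flag builds older than a threshold; the default is an assumed local policy."""
    return info is not None and info["version"] < oldest_current


if __name__ == "__main__":
    import sys
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_elf_with_comment(SAMPLE_COMMENT))
    info = toolchain_info(read_comment_strings(data))
    print(info, "legacy toolchain" if is_legacy_toolchain(info) else "current toolchain")
```

Run it with a file path to inspect a real binary, or without arguments to use the constructed fixture. On a real system `readelf -p .comment <file>` prints the same strings; the value of doing it in code is that the version check can be applied to a whole directory of samples and the threshold tuned to what your fleet actually runs.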

Via: BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
