This Linux malware uses open source software to hide its malicious processes

Threat actors are known to constantly upgrade their malware


Security researchers have discovered that a notorious threat group has upgraded its arsenal with a new tool that enables its malware to avoid detection on Linux.

Researchers at AT&T’s Alien Labs report that the TeamTNT cybercrime group, known for its break-ins into popular cloud instances for mining cryptocurrency, is now using a detection-evasion tool that is based on the open source libprocesshider library.

The libprocesshider library describes itself as a means to “hide a process under Linux.”

Pulling a Keyser Soze


TeamTNT is infamous for targeting misconfigured Docker instances with crypto mining malware, and has recently expanded its targeting to Kubernetes installations and to stealing AWS credentials.

According to reports, the group had recently shifted tactics by updating its Linux cryptojacking malware named Black-T to also harvest user credentials from infected servers. It has now gone one step further and added the detection-evasion capabilities to the Black-T malware.

The researchers report that the new tool is delivered within a base64-encoded script, hidden in the TeamTNT cryptominer binary, or through its Internet Relay Chat (IRC) bot. Once delivered, it masks the malicious binary from process information tools such as ps and lsof.

The AT&T researchers note that TeamTNT is also known for regularly deploying updates to its cryptomining malware; the previous update was a new memory loader based on Ezuri and written in Golang.


“While the new functionality of libprocesshider is to evade detection and other basic functions, it acts as an indicator to consider when hunting for malicious activity on the host level,” suggest the researchers.
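The two passages above describe the evasion (the tool hides the miner from ps and lsof) and the hunting angle (its presence is itself an indicator). libprocesshider is a small shared library that gets loaded into every process through /etc/ld.so.preload and filters the target name out of the readdir() results those tools read from /proc; a stat() on /proc/<pid> does not go through readdir(), so a PID that answers to stat() but is absent from the directory listing is a candidate hidden process. The following script, added here as an example and not code from the article or from AT&T Alien Labs, applies both checks on a Linux host: it parses /etc/ld.so.preload and it compares a readdir()-based PID listing against a stat()-based probe of the whole PID range. The path constants and helper names are this example's own assumptions.

```python
#!/usr/bin/env python3
"""Hunt for processes hidden from readdir()-based tools on a Linux host.

Added example (not the article's or AT&T's code).  Assumptions: the
LD_PRELOAD list lives at /etc/ld.so.preload, procfs is mounted at /proc,
and os.listdir() goes through the C library's readdir(), which is the
call a preload hook intercepts.  Helper names are made up for this file.
"""
import os
from typing import Dict, Iterable, List, Set

PROC = "/proc"                        # assumed procfs mount point
PRELOAD_FILE = "/etc/ld.so.preload"   # assumed glibc preload list


def preload_entries(text: str) -> List[str]:
    """Parse ld.so.preload contents: whitespace-separated paths, '#' comments.

    Any entry here is worth reviewing; on most servers the file is absent.
    """
    entries: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and padding
        if line:
            entries.extend(line.split())
    return entries


def pids_via_readdir(proc_dir: str = PROC) -> Set[int]:
    """PIDs as ps/lsof see them: a plain directory listing of /proc."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def pids_via_stat(proc_dir: str = PROC, pid_max: int = 0) -> Set[int]:
    """PIDs found by stat()-probing /proc/<n> for every n, bypassing readdir()."""
    if pid_max <= 0:
        try:
            with open(os.path.join(proc_dir, "sys", "kernel", "pid_max")) as fh:
                pid_max = int(fh.read().strip())
        except (OSError, ValueError):
            pid_max = 32768   # historical default if the sysctl is unreadable
    found: Set[int] = set()
    for pid in range(1, pid_max + 1):
        try:
            os.stat(os.path.join(proc_dir, str(pid)))
        except FileNotFoundError:
            continue          # no such process
        except PermissionError:
            pass              # exists even though we may not read it
        found.add(pid)
    return found


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs reachable by stat() but missing from the readdir() listing.

    A process that exits between the two scans can also land here, so
    rescan before treating a single hit as confirmed.
    """
    return set(probed) - set(listed)


def describe_pid(pid: int, proc_dir: str = PROC) -> str:
    """Best-effort name and executable for a PID, for the analyst's report."""
    base = os.path.join(proc_dir, str(pid))
    try:
        with open(os.path.join(base, "comm")) as fh:
            comm = fh.read().strip()
    except OSError:
        comm = "?"
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = "?"
    return f"pid={pid} comm={comm} exe={exe}"


def scan(proc_dir: str = PROC, preload_file: str = PRELOAD_FILE) -> Dict[str, list]:
    """Run both checks and return the findings as plain data."""
    try:
        with open(preload_file) as fh:
            preload = preload_entries(fh.read())
    except OSError:
        preload = []
    listed = pids_via_readdir(proc_dir)
    hidden = sorted(hidden_pids(listed, pids_via_stat(proc_dir)))
    return {"preload": preload,
            "hidden": [describe_pid(p, proc_dir) for p in hidden]}


if __name__ == "__main__":
    result = scan()
    print("ld.so.preload entries:", result["preload"] or "none")
    print("PIDs hidden from readdir():", result["hidden"] or "none")
```

Run it as root so /proc/<pid>/exe is readable for every process; the stat() probe over the full pid_max range takes a few seconds on hosts with a large PID space. Any non-empty preload list or any PID reported as hidden should be pulled into triage, and a second run rules out PIDs that simply exited mid-scan.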

Via: BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
