Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. … [Read more...] about New Golang-based Linux Malware Targeting eCommerce Websites
Linux
Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux
Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently … [Read more...] about Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux
One-Click Attack Surface in Linux Desktop Environments
The Advanced Research Team at CrowdStrike Intelligence discovered multiple vulnerabilities affecting libvncclient. In some widely used desktop environments, such as GNOME, these vulnerabilities can be triggered in a one-click fashion. Introduction Client-side exploitation has become a crucial component of many attackers’ toolkits. In the desktop space, exploiting browsers is … [Read more...] about One-Click Attack Surface in Linux Desktop Environments
FinSpy (aka FinFisher) spyware for Windows, macOS, Linux, Android, and iOS
At Kaspersky’s recent Security Analyst Summit, our experts presented a detailed report on FinSpy (aka FinFisher) spyware and its distribution methods, including some previously unknown ones. You can read more about their findings in Securelist’s post. In this article, meanwhile, we explore what kind of malware FinSpy is and how you can protect yourself from it. What is FinSpy … [Read more...] about FinSpy (aka FinFisher) spyware for Windows, macOS, Linux, Android, and iOS
Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server. The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature … [Read more...] about Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management … [Read more...] about Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install … [Read more...] about New Malware Targets Windows Subsystem for Linux to Evade Detection
Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide
Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool — codenamed "Vermilion Strike" — marks one of the rare Linux ports, … [Read more...] about Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own … [Read more...] about Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from … [Read more...] about Wormable DarkRadiation Ransomware Targets Linux and Docker Instances