LINUX

Pierluigi Paganini May 29, 2023
New Go-written GobRAT RAT targets Linux Routers in Japan

A new Golang remote access trojan (RAT), tracked as GobRAT, is targeting Linux routers in Japan, the JPCERT Coordination Center warns. JPCERT/CC is warning of cyberattacks against Linux routers in Japan that have been infected with a new Golang remote access trojan (RAT) called GobRAT. Threat actors are targeting Linux routers with publicly exposed WEBUI to execute […]

Pierluigi Paganini May 09, 2023
A Linux NetFilter kernel flaw allows escalating privileges to ‘root’

A Linux NetFilter kernel flaw, tracked as CVE-2023-32233, can be exploited by unprivileged local users to escalate their privileges to root. Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required […]

Pierluigi Paganini April 27, 2023
Researchers found the first Linux variant of the RTM locker

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, and ESXi hosts, it appears to be based on the source code of Babuk ransomware that was […]

Pierluigi Paganini April 26, 2023
China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group  (aka GALLIUM, Softcell) targeting Linux systems with a new variant of PingPull backdoor. While investigating the activity of the group, the […]

Pierluigi Paganini March 30, 2023
New Mélofée Linux malware linked to Chinese APT groups

Exatrack researchers warn of an unknown China-linked hacking group that has been linked to a new Linux malware, dubbed MĂ©lofĂ©e. Cybersecurity researchers from ExaTrack recently discovered a previously undetected malware family, dubbed MĂ©lofĂ©e, targeting Linux servers. The researchers linked with high-confidence this malware to China-linked APT groups, in particular the Winnti group. The MĂ©lofĂ©e malware includes a […]

Pierluigi Paganini March 21, 2023
New ShellBot bot targets poorly managed Linux SSH Servers

New ShellBot DDoS bot malware, aka PerlBot, is targeting poorly managed Linux SSH servers, ASEC researchers warn. AhnLab Security Emergency response Center (ASEC) discovered a new variant of the ShellBot malware that was employed in a campaign that targets poorly managed Linux SSH servers. The ShellBot, also known as PerlBot, is a Perl-based DDoS bot that uses IRC […]

Pierluigi Paganini March 09, 2023
Recently discovered IceFire Ransomware now also targets Linux systems

The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]

Pierluigi Paganini January 04, 2023
New shc Linux Malware used to deploy CoinMiner

Researchers discovered a new Linux malware developed with the shell script compiler (shc) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler (shc) that threat actors used to install a CoinMiner. The experts believe attackers initially compromised targeted devices through a […]

Pierluigi Paganini December 30, 2022
New Linux malware targets WordPress sites by exploiting 30 bugs

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. The malware injects into targeted webpages malicious JavaScripts, then when users click on the compromised […]

Pierluigi Paganini December 25, 2022
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled

Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files […]