Subj : If you use Linux - watch out for this stealthy new malware
To   : All
From : TechnologyDaily
Date : Fri May 12 2023 15:30:03

If you use Linux - watch out for this stealthy new malware

Date:
Fri, 12 May 2023 14:19:46 +0000

Description:
A known Linux malware has gotten a major upgrade that makes it invisible to 
AV programs - for now.

FULL STORY
======================================================================

Experts have recently discovered an upgraded version of the BPFDoor malware 
for Linux , thats seemingly harder to spot - and aAs a result, no antivirus 
programs are still flagging the executable as malicious. 

Cybersecurity researchers from Deep Instinct noted that BPFDoor, which was 
first discovered in 2022, has been active since at least 2017. The tool got 
its name from the (ab)use of the Berkley Packet Filter (BPF), which it uses 
to get instructions and bypass any firewalls. 

Its design allows the threat actors to remain undetected on a compromised 
Linux system for longer periods of time, it was said. BPFDoors key feature is 
allowing threat actors to see all network traffic and find vulnerabilities, 
as well as sending out remote code through (now) unfiltered and unblocked 
channels. An eye on network traffic 

Furthermore, BPFDoor is capable of blending malicious traffic with the 
legitimate one, making detection and remediation even more difficult. 

But given that no antivirus still flag BPFDoor as malicious, system 
administrators only way of detecting it is to vigorously monitor network 
traffic and logs, BleepingComputer adds. They should use state-of-the-art 
endpoint protection solutions, and monitor the file integrity on 
"/var/run/initd.lock. as thats where BPFDoor creates and locks a runtime 
before forking itself to run as a child process. Read more 

> You're a ransomware victim: Here's 5 things you should do 


 > The 10 worst ransomware attacks ever 


 > Check out the best endpoint protection tools right now 

TheHackerNews also claims that BPFDoor is usually used by Red Menshen, a 
threat actor associated with China. The group, active since 2021, has been 
mostly targeting Linux operating systems belonging to telecommunications 
providers in the Middle East and Asia, as well as government organizations, 
education firms, and logistics companies, it says on Malpedia. 

After gaining initial access, the group would use various custom tools, such 
as Mangzamel, Gh0st, Mimikatz, and Metasplit. 

Most of the groups activity takes place during workdays and during working 
hours (9-5, Monday to Friday). Here's our rundown of the best firewalls right 
now 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/linux-uses-warned-to-watch-out-for-this-stealth
y-new-malware


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.