Tuesday, June 14, 2022

Stealthy Symbiote Malware Wreaks Havoc On Linux Programs


Researchers have discovered new malware targeting Linux systems with a parasitic effect. Identified as “Symbiote,” this new malware infects Linux processes to provide rootkit functionality to the attackers.

About Symbiote Linux Malware

Following a joint analysis by their researchers, the BlackBerry Threat Research & Intelligence team and Intezer have shared insights about the newly discovered Linux malware. The researchers named this malware “Symbiote” because it exhibits symbiotic (rather, parasitic) behavior on Linux systems.

In brief, unlike other malware that aggressively kills system processes, Symbiote loads into all running processes as a shared object (SO) library and uses those processes to inflict damage. Once loaded, the malware steals credentials from the system and also gives the attackers remote access.

Moreover, it also exhibits considerable stealth by using Berkeley Packet Filter (BPF) hooking functionality to hide malicious network traffic.

When an administrator starts any packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets should be captured. In this process, Symbiote adds its own bytecode first so it can filter out network traffic that it doesn’t want the packet-capturing software to see.

Furthermore, the malware also abuses the LD_PRELOAD directive to load before other shared objects. That is how the malware hijacks other library imports and evades detection. The following chart illustrates the evasion techniques that Symbiote applies during infections.
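Because LD_PRELOAD-style loading leaves traces in a few well-known places (the system-wide /etc/ld.so.preload file, the LD_PRELOAD variable in a process's environment, and the list of mapped shared objects in /proc/<pid>/maps), a defender can audit those sources for libraries that do not belong. The script below is an added example, not code from the article or from the researchers; it parses constructed samples of all three sources and flags any shared object that is loaded from outside a trusted library directory or has been deleted from disk. The trusted-directory list and the sample contents are assumptions for illustration.

```python
"""Audit for LD_PRELOAD-style library preloading (added example, not from the article).

Three places a preloaded shared object shows up on a Linux host:
  1. /etc/ld.so.preload        system-wide, applied to every dynamically linked binary
  2. /proc/<pid>/environ       per-process, as LD_PRELOAD=path1:path2
  3. /proc/<pid>/maps          every shared object actually mapped into the process
This module parses constructed samples of each and flags entries not on an allowlist.
"""
import re
from typing import Dict, List

# Directories where legitimately installed libraries live (assumption; tune per distro).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

# Constructed sample data standing in for files read from a live host.
SAMPLE_LD_SO_PRELOAD = """# constructed sample of /etc/ld.so.preload
/usr/lib/x86_64-linux-gnu/libpthread.so.0
/dev/shm/.x/libhidden.so
"""
SAMPLE_ENVIRON = (b"PATH=/usr/bin\0"
                  b"LD_PRELOAD=/tmp/.cache/libstage.so:/usr/lib/libc.so.6\0"
                  b"HOME=/root\0")
SAMPLE_MAPS = """7f0000000000-7f0000001000 r--p 00000000 08:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6
7f0000001000-7f0000002000 r-xp 00000000 08:01 5678 /dev/shm/.x/libhidden.so
7f0000002000-7f0000003000 r--p 00000000 00:00 0 [vdso]
7f0000003000-7f0000004000 rw-p 00000000 00:00 0
7f0000004000-7f0000005000 r-xp 00000000 08:01 9999 /var/tmp/libold.so (deleted)
"""


def parse_ld_so_preload(text: str) -> List[str]:
    """Return the library paths listed in ld.so.preload, skipping blanks and comments."""
    entries: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entries.extend(line.split())  # the loader accepts whitespace-separated entries
    return entries


def parse_environ(raw: bytes) -> Dict[str, str]:
    """/proc/<pid>/environ is a sequence of NUL-terminated KEY=VALUE pairs."""
    env: Dict[str, str] = {}
    for item in raw.split(b"\0"):
        if b"=" in item:
            key, value = item.split(b"=", 1)
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def preloads_from_environ(raw: bytes) -> List[str]:
    """Extract the individual LD_PRELOAD entries; ':' and whitespace both separate them."""
    value = parse_environ(raw).get("LD_PRELOAD", "")
    return [p for p in re.split(r"[:\s]+", value) if p]


def mapped_shared_objects(maps_text: str) -> List[str]:
    """Collect unique .so pathnames from /proc/<pid>/maps (the optional sixth column)."""
    seen: List[str] = []
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6:
            path = parts[5]
            if ".so" in path and path not in seen:
                seen.append(path)
    return seen


def suspicious_libraries(paths: List[str]) -> List[str]:
    """Flag libraries outside the trusted directories or whose file was deleted after mapping."""
    return [p for p in paths
            if p.endswith("(deleted)") or not p.startswith(TRUSTED_LIB_DIRS)]


def audit(preload_text: str, environ_raw: bytes, maps_text: str) -> List[str]:
    """Combine all three sources and return a sorted, de-duplicated list of findings."""
    candidates = (parse_ld_so_preload(preload_text)
                  + preloads_from_environ(environ_raw)
                  + mapped_shared_objects(maps_text))
    return sorted(set(suspicious_libraries(candidates)))


if __name__ == "__main__":
    for finding in audit(SAMPLE_LD_SO_PRELOAD, SAMPLE_ENVIRON, SAMPLE_MAPS):
        print("suspicious preload:", finding)
```

On a live host the same functions would be fed the real files, but the article's point about hooked library imports cuts both ways: a process whose libc calls are interposed can be lied to about what /proc and /etc contain, so the audit is most trustworthy when run from a statically linked binary, a rescue boot, or against a disk image rather than from within the suspect system.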

While the researchers have only recently shared the malware details, it isn’t entirely new. Instead, the malware has been active in the wild, with its first samples dating back to November 2021. According to the researchers, the threat actors used this malware to target financial institutions in Latin America.

The researchers found that its code doesn’t resemble any known Linux malware family, confirming that it is entirely new malware. However, it does exhibit slight similarities with the Ebury malware discovered in 2014, which also serves as a backdoor for the attackers and a credential harvester.

Let us know your thoughts in the comments.
