  • A whole new kind of Linux malware has been found in the wild

    aum

    You may be safe… for now

     

    Cybersecurity researchers from Group-IB have identified a new type of Linux malware that went unnoticed for two years.

    The newly uncovered Linux Remote Access Trojan (RAT), Krasue, was first registered on VirusTotal and has since primarily targeted telecommunications companies in Thailand.

     

    Group-IB says that Krasue “poses a severe risk to critical systems and sensitive data” because attackers can access a targeted network remotely.

     

    Krasue Linux RAT


    The cybersecurity analysts say that the malware contains several embedded rootkits, drawn from public sources, meaning that the RAT can support different Linux kernel versions.

     

    However, Group-IB has yet to determine Krasue’s initial infection vector. So far, vulnerability exploitation, credential brute-force attacks, and unwitting downloads as part of deceptive packages are all being considered.

     

    Instead, the cybersecurity company says it’s disclosing the limited information it has at this point in order to prime Thai telecommunications companies so that they can be better prepared to secure themselves against such attacks. Group-IB has also notified the Thailand Computer Emergency Response Team (ThaiCERT) and the Thailand Telecommunications Sector Computer Emergency Response Team (TTC-CERT).

     

    After analysis, it looks like the Krasue RAT might have been created by the same author as XorDdos – another Linux Trojan malware with rootkit capabilities for launching large-scale DDoS attacks.

     

    But specific threat group attribution is hard because the RAT uses code snippets from three different open-source projects – Diamorphine, Suterusu, and Rooty – which have been available for over five years.

     

    For now, Group-IB promises to continue monitoring the malware’s spread, including to other areas outside of Thailand.

     

    Source

