New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

    aum

    • 352 views
    • 2 minutes

    A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits.


    This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems.


    "The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration," Intezer researcher Ryan Robinson said in a new report published today.


    Central to the malware are a downloader module ("kbioset") and a core module ("kkdmflush"); the downloader is engineered to retrieve at least seven different plugins from a remote server, which are subsequently invoked by the core component.


    The downloader is also responsible for establishing the persistence of the framework's main module. "The main function of the downloader module is to fetch the other components and execute the core module," Robinson noted.

    [Image: malware.jpg]

    The core module, for its part, establishes contact with the command-and-control (C2) server to fetch necessary commands required to execute the plugins, while also taking care to hide its own presence in the compromised machine.


    Some of the notable commands received from the server enable the malware to fingerprint the machine, run shell commands, upload files to the C2 server, write arbitrary data to files, and even update and remove itself from the infected host.


    It further sets up persistence by creating an initialization script that's executed upon system boot, effectively allowing the downloader to be automatically launched.
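The two module names above ("kbioset" and "kkdmflush") and the boot-time initialization script are the concrete, host-visible traces this write-up gives a defender. The following hunt script is an added example, not Intezer's code or anything from the report: it walks the usual init and systemd directories (an assumption; the article does not name the path the framework's script is written to) and reports every line that mentions either module name. The sample init tree it builds for demonstration is constructed here, and the `/tmp/kbioset` launch path inside it is a placeholder, not an indicator from the page.

```python
"""Hunt boot-time init scripts for references to the Lightning Framework module
names given in the write-up: the "kbioset" downloader and the "kkdmflush" core.

Added example (not Intezer's code). The directories searched are an assumption;
the report excerpt above does not say where the framework's init script lands."""
import os
import re
import tempfile

# Module file names come from the write-up; the search roots are an assumption.
INDICATOR_NAMES = ("kbioset", "kkdmflush")
DEFAULT_INIT_DIRS = (
    "/etc/init.d",
    "/etc/rc.d",
    "/etc/rc.local",
    "/etc/systemd/system",
    "/lib/systemd/system",
)
_PATTERN = re.compile("|".join(re.escape(name) for name in INDICATOR_NAMES))


def _iter_files(roots):
    """Yield every regular file under each root; a root that is itself a file is yielded as-is."""
    for root in roots:
        if os.path.isfile(root):
            yield root
            continue
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                yield os.path.join(dirpath, name)


def scan_init_scripts(roots=DEFAULT_INIT_DIRS):
    """Return a sorted list of (path, line_number, line) for lines naming an indicator.

    Unreadable files are skipped rather than aborting the scan, so the hunt can be
    run unprivileged and still report everything it was able to open."""
    hits = []
    for path in _iter_files(roots):
        try:
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if _PATTERN.search(line):
                        hits.append((path, lineno, line.rstrip("\n")))
        except OSError:
            continue
    return sorted(hits)


def build_sample_tree():
    """Create a constructed sample init tree in a temp dir and return its path.

    It holds one benign systemd unit and one SysV-style script that launches the
    downloader at boot, mirroring the persistence the write-up describes. The
    /tmp/kbioset path is a placeholder chosen for this example, not a real IoC."""
    root = tempfile.mkdtemp(prefix="lightning_hunt_")
    unit_dir = os.path.join(root, "systemd", "system")
    initd = os.path.join(root, "init.d")
    os.makedirs(unit_dir)
    os.makedirs(initd)
    with open(os.path.join(unit_dir, "cron.service"), "w") as fh:
        fh.write("[Service]\nExecStart=/usr/sbin/cron -f\n")
    with open(os.path.join(initd, "S99sample"), "w") as fh:
        fh.write("#!/bin/sh\n# constructed sample: launches the downloader at boot\n/tmp/kbioset &\n")
    return root


if __name__ == "__main__":
    # Stand-alone run: scan the constructed tree, then the real init directories (if readable).
    sample_root = build_sample_tree()
    for target in ([sample_root], DEFAULT_INIT_DIRS):
        for path, lineno, line in scan_init_scripts(target):
            print(f"{path}:{lineno}: {line}")
```

Name matching of this kind only catches the file names the report happened to publish; a renamed drop would evade it. The more durable check this example points at is the one the write-up implies: baseline the contents of the init and unit directories and alert on any script that appears there outside of package management, whatever binary it launches.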


    "The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson pointed out.


    The discovery of Lightning Framework makes it the fifth Linux malware strain to be unearthed in a short period of three months after BPFDoor, Symbiote, Syslogk, and OrBit.

    Source

