Discovered a new rootkit for Linux

by sigismund » 2016-09-06 12:07:27


The Trojan is embedded in libc functionality, so it can be found only by tools that do not use this library.


Researchers from Trend Micro reported a new rootkit that works exclusively on Linux systems, including systems based on Intel and ARM. According to the experts, the rootkit, dubbed Umbreon (after the Pokémon character of the same name), is actively used by hackers in cyber attacks.

The malware is installed on the compromised system manually. The attacker can therefore change where the rootkit is installed, which greatly complicates its automatic detection. According to the researchers, the Trojan is embedded in libc functionality, so it can be found only by tools that do not use this library.

Umbreon's functionality is quite extensive. The Trojan can intercept network traffic, modify console commands, establish a connection with the C&C server and work as a backdoor, giving the attacker full access to the compromised device.

Because the rootkit runs at the user level, it can be removed manually by downloading a Linux Live CD and deleting the malicious files. This procedure is recommended only for experienced users.