FBI and NSA expose new Linux malware

Tutman
Apr 17, 2020
FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
The FBI and NSA issue joint security alert containing technical details about new Linux malware developed by Russia's military hackers.

The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia's military hackers.

The two agencies say Russian hackers used the malware, named Drovorub, to plant backdoors inside hacked networks.

Based on evidence the two agencies have collected, FBI and NSA officials claim the malware is the work of APT28 (Fancy Bear, Sednit), a codename given to the hackers operating out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Through their joint alert, the two agencies hope to raise awareness in the US private and public sectors so IT administrators can quickly deploy detection rules and prevention measures.
 
There's still a dangerous assumption among many that malware is only a problem for Windows. That might have been more believable a decade or two ago. But the reality is that any computer system that builds up significant market share or plays host to valuable data will now be a target. Linux is increasingly the foundation of many different business systems and vast parts of the cloud. While there are still relatively few threats targeting Linux, there's no reason why that should remain the case.

None of this is to question the quality of Linux's in-built security, which many argue is stronger because of the open-source nature of the code. Indeed, in this case, the malware only works against relatively old versions of the Linux kernel. But Drovorub is a reminder that hackers and malware writers are increasingly willing to target any and all systems if they think there is a profit, some other advantage – or simply the opportunity for chaos – to be had.

The most dangerous assumption that many organisations make is that they are not going to be a target. That might be because they think they are too insignificant or because they are too well protected.

Both of those assumptions are likely to be wrong. Even if your business is modest or niche, you may have customers or suppliers who are more interesting to hackers, who will therefore use your systems as a route to attack them. And what about if you think you are too well defended to be a victim? Well, there are plenty of billion-dollar companies that thought the same – and were wrong.

These latest revelations show that all systems and all devices can, and probably will, be targeted, even the ones we least expect. Innovations like the IoT and the cloud simply broaden the threat surface organisations will have to secure. And hackers will not abide by old-fashioned ideas about what software and systems are vulnerable to attack. Complacency is our biggest threat.
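The article notes that Drovorub only works against relatively old kernels and that administrators should deploy prevention measures. The joint FBI/NSA advisory is concrete about why: the Drovorub kernel module is unsigned, so it targets kernels older than 3.7, which predate kernel module signature enforcement, and the advisory recommends running 3.7 or later with module signing enforced. The following host check is an added example written for this post, not a script from the advisory or from any poster; the sysfs path `/sys/module/module/parameters/sig_enforce` is the standard location on kernels built with module signing support, and the version strings used in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: check the two kernel-side mitigations the Drovorub advisory
# recommends. Not part of the advisory or the thread; written for this post.

# Return 0 (true) when kernel release string $1 is older than 3.7.
# Accepts distribution release strings such as "2.6.32-754.el6.x86_64"
# or "5.4.0-42-generic" (constructed sample values).
kernel_older_than_3_7() {
    ver=$1
    major=${ver%%.*}
    major=${major%%[!0-9]*}
    if [ "$ver" = "$major" ]; then
        minor=0                      # bare major with no dot, e.g. "4"
    else
        rest=${ver#*.}
        minor=${rest%%.*}
        minor=${minor%%[!0-9]*}      # "0-42-generic" -> "0"
    fi
    [ -z "$major" ] && major=0
    [ -z "$minor" ] && minor=0
    if [ "$major" -lt 3 ]; then
        return 0
    fi
    if [ "$major" -eq 3 ] && [ "$minor" -lt 7 ]; then
        return 0
    fi
    return 1
}

# Print one of: enforced, not-enforced, unsupported, unknown.
# $1 overrides the sysfs file so the logic can be exercised on a test file.
# "unsupported" means the file is absent: the kernel was built without
# CONFIG_MODULE_SIG, or is too old to have the feature at all (the Drovorub case).
module_sig_enforce() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    if [ ! -r "$f" ]; then
        echo unsupported
        return 0
    fi
    v=$(cat "$f")
    case $v in
        Y) echo enforced ;;
        N) echo not-enforced ;;
        *) echo unknown ;;
    esac
}

# Run both checks against the running host. Return 0 when both mitigations are
# in place, 1 otherwise, so the function can gate a larger hardening script.
drovorub_host_check() {
    rel=$(uname -r)
    ok=0
    if kernel_older_than_3_7 "$rel"; then
        echo "kernel $rel is older than 3.7: in scope for the Drovorub kernel module"
        ok=1
    else
        echo "kernel $rel is 3.7 or later"
    fi
    state=$(module_sig_enforce)
    echo "module signature enforcement: $state"
    [ "$state" = enforced ] || ok=1
    return $ok
}

drovorub_host_check || echo "host does not have both recommended mitigations"
```

The version parser only reads the first two numeric components, so vendor suffixes do not confuse it. Note that "enforced" only tells you unsigned modules are refused; it says nothing about whether a kernel was already loaded with a malicious module before the setting took effect, so the advisory's detection guidance still applies.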
 
I never see people on a Linux forum asking for help with a malware infection or even a possible malware infection. This just doesn't seem to be happening to home users of Linux. Obviously, it could happen, but it just seems so rare.
 
Probably because most Linux users are tech savvy.
True. And since they don't use AV, they may never even know if they are infected. But still, the glaring lack of posts about malware incidents tells me they are not very common.
 
I would say that a lot don't even know they're infected.
To tell you the truth, I don't think I could even get infected on Linux if I tried.
On Windows, it's easy: turn off AV, download warez, click on suspicious links. It won't take long until you are infected. On Linux, I have no idea how to get infected.
 
Finding Linux malware is silly easy. Sample sources are flooded with them on an almost daily basis.

Admitting that one got infected is embarrassing for anyone, and extra so for those with a little more knowledge than average people. This is sadly a well-known issue, as it's very important to have reports and information so vendors can tackle attacks faster and more effectively.
 
To tell you the truth, I don't think I could even get infected on Linux if I tried.
On Windows, it's easy: turn off AV, download warez, click on suspicious links. It won't take long until you are infected. On Linux, I have no idea how to get infected.
I agree with you. By avoiding illegal sites and downloads, one can almost completely avoid malware infection even on Windows, so on Linux the possibility is almost zero for sane users. Nowadays ad blockers are far more important than antivirus on any operating system. Malvertising is a serious threat now.
 
Where does a user find Linux malware, besides by downloading malware samples as a tester?
VT, Hybrid Analysis, etc etc. Backtracking IOCs and sources also from all the Linux malware articles usually helps.

Click the spoiler button, if curious as these are just a very small portion of reported Linux malware here on MT alone.
 
VT, Hybrid Analysis, etc etc. Backtracking IOCs and sources also from all the Linux malware articles usually helps.

Click the spoiler button, if curious as these are just a very small portion of reported Linux malware here on MT alone.
I have been following the reports you listed in the spoiler. It almost always is targeting servers, rather than home users. There was a report or two about Linux malware hosted on GitHub, though. If a user was unlucky enough to end up on a GitHub page hosting fake versions of popular Linux apps, then indeed, that's a way to get infected.
 
