silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,903
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware.
"This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said.
Linux variants of BIFROSE (aka ELF_BIFROSE) have been observed since at least 2020 with capabilities to launch remote shells, download/upload files, and perform file operations.
"Attackers typically distribute Bifrost through email attachments or malicious websites," the researchers said. "Once installed on a victim's computer, Bifrost allows the attacker to gather sensitive information, like the victim's hostname and IP address."