A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access.
After injecting itself into all running processes, the malware acts as a system-wide parasite, leaving no identifiable signs of infection even during meticulous in-depth inspections.
Symbiote uses the BPF (Berkeley Packet Filter) hooking functionality to sniff network data packets and to hide its own communication channels from security tools.
This novel threat was discovered and analyzed by BlackBerry and Intezer Labs researchers, who worked together to uncover all aspects of the new malware in a detailed technical report. According to them, Symbiote has been under active development since last year.
System-wide infection via shared objects
Instead of taking the typical form of an executable, Symbiote is a shared object (SO) library that gets loaded into running processes through the LD_PRELOAD directive, which gives it priority over every other shared object.
By being the first to load, Symbiote can hook the "libc" and "libpcap" functions and perform various actions to conceal its presence, like hiding parasitic processes, hiding files deployed with the malware, and more.
All hiding tricks used by Symbiote (BlackBerry)
"When it injects itself into processes, the malware can choose which results it displays," the security researchers revealed in a report published today.
"If an administrator starts a packet capture on the infected machine to investigate some suspicious network traffic, Symbiote will inject itself into the inspection software's process and use BPF hooking to filter out results that would reveal its activity."
To hide its malicious network activity on the compromised machine, Symbiote scrubs connection entries it wants to hide, performs packet filtering via BPF, and removes UDP traffic to domain names in its list.
Backdoors and data theft
This stealthy new malware is primarily used for.......