Malware News Samba Trojan becomes the bread and butter of fresh attack campaign

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
The malware's veteran operators go low and slow to compromise Linux machines without detection.

The Butter attack campaign has been bolstered through the deployment of the Samba Trojan, a recent change to the stealthy criminal operation.

Researchers from cybersecurity firm GuardiCore have been tracking the Butter campaign since 2015 and while attacks originating from the criminals behind it have been generally limited -- specifically, only from four IPs -- a new payload has now been implemented which "has gone undetected by many security products."

In a blog post on Thursday, the team said that "Butter originates from a very limited number of attack sources and keeps them [the campaign] alive without being caught due to its low and slow operation."

The attack begins with a brute-force SSH attack on Linux machines. If this simple, initial attack vector proves successful, the campaign leaves a backdoor behind called Butter, together with a Trojan payload.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top