- Jul 27, 2015
A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found.
The malware, dubbed Orbit, is unlike other Linux threats in that it steals information from different commands and utilities and then stores it in specific files on the machine, researchers from security automation firm Intezer discovered. In fact, the malware’s name comes from one of the filenames it uses to temporarily store the output of executed commands, they said. Orbit can either achieve persistence on a machine or be installed as a volatile implant, Intezer’s Nicole Fishbein explained in a blog post on Orbit published this week.
What sets the malware apart from similar threats is its “almost hermetic hooking” of libraries on the targeted machines, which allows it to gain persistence and evade detection while stealing information and setting up an SSH backdoor, she said. “The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands,” Fishbein wrote in the post. Moreover, once Orbit is installed, it infects all of the running processes on the machine, including new ones.
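The post describes Orbit hooking shared-library functions so that every running process, including newly started ones, is affected. One general way a defender can look for that class of behaviour on a Linux host is to check the dynamic-loader preload mechanisms, `/etc/ld.so.preload` and the `LD_PRELOAD` environment variable of each live process. The script below is an added example for this thread, not code from Intezer or Threatpost; it assumes preload-based hooking as the mechanism to check for and does not claim to match Orbit's specific artifacts. The sample `environ` blob and preload file contents in `main` are constructed for illustration.

```python
import os
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def parse_environ(blob: bytes) -> Dict[str, str]:
    """Parse the NUL-separated KEY=VALUE block that /proc/<pid>/environ exposes."""
    env: Dict[str, str] = {}
    for entry in blob.split(b"\x00"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:  # skip malformed entries with no '='
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def preload_from_environ(env: Dict[str, str]) -> Optional[str]:
    """Return the LD_PRELOAD value if the process was started with one set."""
    value = env.get("LD_PRELOAD", "").strip()
    return value or None


def parse_ld_so_preload(text: str) -> List[str]:
    """Return library paths listed in an /etc/ld.so.preload-style file.

    The loader accepts whitespace- or colon-separated entries and '#' comments;
    a non-empty result on a stock system is worth investigating.
    """
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.extend(line.replace(":", " ").split())
    return libs


def scan_running_processes(proc_root: str = "/proc") -> List[Tuple[int, str, str]]:
    """List (pid, comm, LD_PRELOAD) for every readable process that has LD_PRELOAD set."""
    findings: List[Tuple[int, str, str]] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(pid_dir, "environ"), "rb") as f:
                env = parse_environ(f.read())
            with open(os.path.join(pid_dir, "comm"), encoding="utf-8", errors="replace") as f:
                comm = f.read().strip()
        except OSError:
            # Processes owned by other users (without root) or already exited.
            continue
        preload = preload_from_environ(env)
        if preload:
            findings.append((int(entry), comm, preload))
    return findings


def check_system_preload(path: str = "/etc/ld.so.preload") -> List[str]:
    """Return libraries configured for system-wide preloading, or [] if the file is absent."""
    try:
        return parse_ld_so_preload(Path(path).read_text(encoding="utf-8", errors="replace"))
    except OSError:
        return []


if __name__ == "__main__":
    # Constructed sample input, not captured from a real host.
    sample_environ = b"PATH=/usr/bin:/bin\x00LD_PRELOAD=/tmp/hypothetical-hook.so\x00HOME=/root\x00"
    print("sample LD_PRELOAD:", preload_from_environ(parse_environ(sample_environ)))
    sample_preload_file = "# constructed example\n/usr/lib/hypothetical-hook.so\n"
    print("sample ld.so.preload:", parse_ld_so_preload(sample_preload_file))

    # Live checks on this host (read-only; needs root to see other users' processes).
    print("system preload:", check_system_preload())
    for pid, comm, preload in scan_running_processes():
        print(f"pid {pid} ({comm}) LD_PRELOAD={preload}")
```

Run it as root to cover every process; without root, `/proc/<pid>/environ` of other users' processes is unreadable and those are silently skipped. A hit is a lead, not a verdict: some legitimate tooling uses `LD_PRELOAD`, so compare any library found against package ownership and file hashes before acting.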
Source: "Sneaky New Orbit Malware Backdoors Linux Devices", threatpost.com. The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.