Sneaky Orbit Malware Backdoors Linux Devices

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found.

The malware, dubbed Orbit, is unlike other Linux threats in that it steals information from different commands and utilities and then stores them in specific files on the machine, researchers from security automation firm Intezer discovered. In fact, the malware’s name comes from one of the filenames it to temporarily store the output of executed commands, they said. Orbit can either achieve persistence on a machine or be installed as volatile implant, Intezer’s Nicole Fishbein explained in a blog post on Orbit published this week.
The malware sets itself apart from similar threats is its “almost hermetic hooking” of libraries on the targeted machines, which allows it to gain persistence and evade detection while stealing information and setting SSH backdoor, she said. “The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands,” Fishbein wrote in the post. Moreover, once Orbit is installed, it infects all of the running processes on the machine, including new ones
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top