
10 matches found

The Hacker News
added 2026/05/11 12:36 p.m., 11 views

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One...

CVSS 9.8, AI score 6.9, EPSS 0.05058
Exploits: 6

The Hacker News
added 2025/10/16 2:28 p.m., 14 views

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. "This backdoor features functionalities relying on the installation of two eBPF extended Berkeley...

CVSS 9.8, AI score 9, EPSS 0.94466
Exploits: 45

Gitee
added 2025/09/13 1:13 a.m., 94 views

boopkit

This is a Linux rootkit and backdoor built using eBPF (Extended Berkeley Packet Filter). The tool is called "boopkit" and is designed to establish a reverse TCP connection from a remote server to a local machine. The tool has several options, including: -lhost and -lport to specify the local host a...

AI score 7
Exploits: 0

The Hacker News
added 2025/04/24 12:58 p.m., 39 views

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allo...

AI score 7.7
Exploits: 0

The Hacker News
added 2024/12/13 9:11 a.m., 5 views

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit...

AI score 7.8
Exploits: 0

CNNVD
added 2022/08/03 12:0 a.m., 2 views

TripleCross Security Vulnerability

TripleCross is a Linux eBPF rootkit with backdoor, C2, library injection, execution hijacking, persistence, and steganography from the individual developer Marcos Bajo in Spain. A security vulnerability exists in TripleCross version v0.1.0, which stems from a segmentation fault that occurs when...

CVSS 7.5, AI score 7.5, EPSS 0.00403
Exploits: 1, References: 2

CNNVD
added 2022/08/03 12:0 a.m., 1 views

TripleCross Buffer Error Vulnerability

TripleCross is a Linux eBPF rootkit with backdoor, C2, library injection, execution hijacking, persistence, and steganography from the individual developer Marcos Bajo in Spain. A security vulnerability exists in TripleCross version v0.1.0, which stems from containing a stack overflow with no lim...

CVSS 7.5, AI score 7.5, EPSS 0.00367
Exploits: 1, References: 3

The Hacker News
added 2021/10/08 7:25 a.m., 48 views

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and functioning as a proxy server. The malware family,...

AI score 0.4
Exploits: 0

ThreatPost
added 2015/04/09 1:42 p.m., 10 views

Group Behind SSH Brute Force Attacks Slowed Down

A criminal group whose actions have at times been responsible for one-third of the Internet’s SSH traffic—most of it in the form of SSH brute force attacks—has been cut off from a portion of the Internet. While not a botnet takedown in the traditional sense, networking providers Level 3...

AI score 0.1
Exploits: 0, References: 4

OpenVAS
added 2012/12/03 12:0 a.m., 43 views

64-bit Debian Linux Rootkit with nginx Doing iFrame Injection - Active Check

Debian Squeeze Linux Rootkit with nginx is prone to iframe injection. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nginx:nginx...

AI score 7.6
Exploits: 0, References: 4