Stealthy Malware Has Infected Thousands of Linux Systems for Years


Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.

Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday. Two such techniques are (1) modifying the ~/.profile script, which sets up the environment during user login, so the malware loads ahead of legitimate workloads expected to run on the server, and (2) copying itself from memory to multiple disk locations. From there, the file establishes a local command-and-control process and attempts to gain root system rights by exploiting CVE-2021-4043, a privilege-escalation vulnerability that was patched in 2021 in Gpac, a widely used open-source multimedia framework.

Read this on Wired
