Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.
Comment on Thousands of Linux systems infected by stealthy malware since 2021
li10@feddit.uk 1 month ago
Sounds like it should at least be noticeable if you monitor resource usage?
cron@feddit.org 1 month ago
li10@feddit.uk 1 month ago
Not quite the monitoring I’m talking about though.
Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).
linearchaos@lemmy.world 1 month ago
Vulnerable to 20,000 misconfigurations, But squirted by 42 billion different simple checks that we all do anyway.
5 minute load greater than 80% of the number of cores? That’s an alarm…
Pantsofmagic@lemmy.world 1 month ago
That’s how some people found it, but it would disappear when someone would login to investigate.
li10@feddit.uk 1 month ago
Sure, but it’s still fairly detectable when it’s on a server at least, as long as you have monitoring. Just a bitch to pinpoint and fix.