They have an “attack flow” diagram that seems to indicate a hacker installing it directly through a known vulnerability.
Comment on Thousands of Linux systems infected by stealthy malware since 2021
zante@lemmy.wtf 3 months ago
No mention of transmission methods as far as I understand the article
JohnnyCanuck@lemmy.ca 3 months ago
Buffalox@lemmy.world 3 months ago
The whole thing sounds fishy. Like it’s trying to convince people Linux is inherently vulnerable.
Like WTF?
Buelldozer@lemmy.today 3 months ago
I’m typing this reply from a machine running KDE Plasma on top of Linux Mint 22. I’m not sure what precisely what you mean by “inherently” but I’d like to point that “Linux” has security problems all over the place; the kernel has issues, the DEs have issues, the applications have issues. It’s more secure than Windows but that’s not a very high bar.
Buffalox@lemmy.world 3 months ago
I’ve been using Linux since 2005, and I’ve heard all sorts of stories about Linux having “security problems”, and almost every time it turns out to be a problem that can’t be exploited on it’s own. but requires the use of other vulnerabilities.
The only exception I can recall is the zx util compression tool, which was detected before it was rolled out.
Zero day vulnerabilities have been non existent for 20 years to my knowledge.
nyan@lemmy.cafe 3 months ago
It’s kind of an iffy assertion. That’s maybe the number of files it scans looking for misconfigurations it can exploit, but I’d bet there’s a lot of overlap in the potential contents of those files (either because of cascading configurations, or because they’re looking for the same file in slightly different places to mitigate distro differences). So the number of possible exploits is likely far fewer.
Buffalox@lemmy.world 3 months ago
So how did it get into the system to be able to scan configuration files?
nyan@lemmy.cafe 3 months ago
Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It’s possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.