Stealthy Linux rootkit found in the wild after going undetected for 2 years
Krasue infects telecom firms in Thailand using techniques for staying under the radar.
Submitted 11 months ago by L4s@lemmy.world [bot] to technology@lemmy.world
Comments
FleaCatcher@lemmy.world 11 months ago
cooopsspace@infosec.pub 11 months ago
The most incredible part of this is it isn’t even a Linux flaw. The key to this exploit is downloading shit software, an issue that exists universally on any operating system (especially Windows).
ILikeBoobies@lemmy.ca 11 months ago
So…package manager?
narc0tic_bird@lemm.ee 11 months ago
I’m assuming this meme wasn’t meant all too serious by the poster (but judging by the downvotes quite a few people took it seriously).
However, it’s not like Linux is magically immune to security vulnerabilities. It’d be foolish to think your system is invulnerable just because you’re using a Linux distribution.
Honytawk@lemmy.zip 11 months ago
Sadly, too many Linux users still believe there are no viruses on Linux.
You can blame Apple's marketing.
skillissuer@discuss.tchncs.de 11 months ago
If you’re using Linux 3.10 in current year (not airgapped) it’s on you
Kodemystic@lemmy.kodemystic.dev 11 months ago
How to combat stuff like this?
d3Xt3r@lemmy.nz 11 months ago
SELinux, grsecurity, containers, keep your system updated and don’t run random untrustworthy code.
TrickDacy@lemmy.world 11 months ago
random untrustworthy code.
Honestly, is there much code in the world which doesn’t meet this description? How do you propose we decide what is trustworthy? Every time I update my packages I’m getting possibly millions of new lines of code that I can’t possibly personally vet.
autotldr@lemmings.world [bot] 11 months ago
This is the best summary I could come up with:
Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.
Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian folklore “floating in mid-air, with no torso, just her intestines hanging from below her chin.” The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand and “poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network.
It then proceeds to hook the syscall, network-related functions, and file listing operations, thereby obscuring its activities and evading detection.
Rootkits are a type of malware that hides directories, files, processes, and other evidence of its presence to the operating system it’s installed on.
By hooking legitimate Linux processes, the malware is able to suspend them at select points and interject functions that conceal its presence.
Intercepting the kill() syscall also allows the trojan to survive Linux commands attempting to abort the program and shut it down.
The original article contains 288 words, the summary contains 192 words. Saved 33%. I’m a bot and I’m open source!
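The summary above says Krasue hooks file-listing operations and kill() to hide itself; the earlier question about how to combat this sort of thing has one practical answer beyond hardening: cross-check the kernel against itself. The program below is an added example for this thread, not code from the Ars article or Group-IB. It compares the PIDs a /proc directory listing returns (the readdir/getdents path a rootkit usually hooks) with PIDs that answer a direct stat() on /proc/<pid> or kill(pid, 0), and reports anything the probes see that the listing does not. It assumes a Linux /proc and a readable /proc/sys/kernel/pid_max; the function names are my own.

```c
/* Hidden-process cross-check for Linux: compare what a /proc directory
 * listing (the getdents path a rootkit typically hooks) reports with what
 * direct per-PID probes (stat on /proc/<pid>, kill(pid, 0)) report.
 * Added example for this thread; not code from the article or Group-IB.
 * Assumes a Linux /proc and a readable /proc/sys/kernel/pid_max. */
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Upper bound of the PID space; falls back to the classic default. */
static long read_pid_max(void) {
    long m = 32768;
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f) { if (fscanf(f, "%ld", &m) != 1) m = 32768; fclose(f); }
    return m;
}

/* Pass 1: mark every numeric /proc entry in `seen` (readdir -> getdents). */
static int pids_from_proc(unsigned char *seen, long limit) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    struct dirent *e;
    int n = 0;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long pid = strtol(e->d_name, &end, 10);
        if (e->d_name[0] == '\0' || *end != '\0' || pid <= 0 || pid >= limit) continue;
        seen[pid] = 1;
        n++;
    }
    closedir(d);
    return n;
}

/* Thread IDs also answer stat()/kill() but are not listed in /proc; only
 * count thread-group leaders (Tgid == pid) to avoid that false positive. */
static int is_thread_group_leader(pid_t pid) {
    char path[64], line[128];
    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return 1;                 /* cannot tell (e.g. hidepid); keep it */
    int leader = 1;
    while (fgets(line, sizeof line, f)) {
        long tgid;
        if (sscanf(line, "Tgid: %ld", &tgid) == 1) { leader = (tgid == (long)pid); break; }
    }
    fclose(f);
    return leader;
}

/* Pass 2: probe one PID without going through getdents. */
static int pid_visible_by_probe(pid_t pid) {
    char path[32];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%d", (int)pid);
    if (stat(path, &st) == 0) return is_thread_group_leader(pid);
    if (kill(pid, 0) == 0 || errno == EPERM)  /* EPERM: exists, just not ours */
        return is_thread_group_leader(pid);
    return 0;                                 /* ESRCH: no such process */
}

/* Pure comparison: PIDs the probe saw that the listing did not.
 * Returns the count and writes up to out_cap of them to `out`. */
static int find_hidden(const unsigned char *listed, const unsigned char *probed,
                       long limit, pid_t *out, int out_cap) {
    int n = 0;
    for (long pid = 1; pid < limit; pid++) {
        if (probed[pid] && !listed[pid]) {
            if (n < out_cap) out[n] = (pid_t)pid;
            n++;
        }
    }
    return n;
}

/* Full scan with a confirmation pass: a PID created between the two
 * enumerations would look "hidden", so re-list /proc and drop any
 * candidate that has since appeared. Returns the confirmed count, -1 on error. */
static int scan_hidden(pid_t *out, int out_cap) {
    long limit = read_pid_max();
    unsigned char *listed = calloc((size_t)limit, 1);
    unsigned char *probed = calloc((size_t)limit, 1);
    unsigned char *again  = calloc((size_t)limit, 1);
    pid_t *cand = calloc((size_t)limit, sizeof *cand);
    int confirmed = -1;
    if (listed && probed && again && cand && pids_from_proc(listed, limit) >= 0) {
        for (long pid = 1; pid < limit; pid++)
            probed[pid] = (unsigned char)pid_visible_by_probe((pid_t)pid);
        int n = find_hidden(listed, probed, limit, cand, (int)limit);
        pids_from_proc(again, limit);
        confirmed = 0;
        for (int i = 0; i < n; i++) {
            if (again[cand[i]]) continue;     /* race: appeared after pass 1 */
            if (confirmed < out_cap) out[confirmed] = cand[i];
            confirmed++;
        }
    }
    free(listed); free(probed); free(again); free(cand);
    return confirmed;
}

int main(void) {
    pid_t hidden[64];
    int n = scan_hidden(hidden, 64);
    if (n < 0) { perror("scan"); return 1; }
    for (int i = 0; i < n && i < 64; i++)
        printf("PID %d answers stat()/kill() but is missing from the /proc listing\n", (int)hidden[i]);
    printf("%d suspicious PID(s)\n", n);
    return 0;
}
```

Two caveats worth keeping in mind. On systemd hosts pid_max is often 4194304, so the probe loop makes a few million syscalls and takes seconds rather than milliseconds. More importantly, this is an in-band check: it only catches a rootkit whose hooks are inconsistent (hiding the directory entry but not the stat()/kill() path). A rootkit that, like the one described above, hooks kill() and the file-listing path can in principle answer every in-band probe consistently, which is why comparing against a known-good view (a rescue boot, a memory image, or network evidence from a separate host) remains the stronger check.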
raspberriesareyummy@lemmy.world 11 months ago
Zero useful info: what is the attack vector / vulnerability exploited? Without that info, this is useless
anamethatisnt@lemmy.world 11 months ago
Well, most of us can relax I believe: The rootkit supports Linux Kernel versions 2.6.x/3.10.x
KSPAtlas@sopuli.xyz 11 months ago
The only thing I know runs that kernel version is my Wii because it needs an old kernel for ppc32 support
raspberriesareyummy@lemmy.world 11 months ago
Now that is helpful information - current distros being on 6.x and whatnot… Thanks!
randy@lemmy.ca 11 months ago
From the article:
So no one knows yet. But I feel that the existence of malware in the wild is newsworthy, even if we don’t know how it got there. Regardless, you and I probably don’t have to worry about it unless you’re a Thai telecom.
raspberriesareyummy@lemmy.world 11 months ago
And unless we run a 3.x kernel as another commentor pointed out…