Hacks/Cracks

Discover Hacks/Cracks News

BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.

LinuxSecurity.com Team
May 16, 2022

BPFDoor: Chinese tool almost undetected for FIVE years is second BPF-based attack uncovered this year

Researchers have uncovered a highly-evasive Chinese surveillance tool using the Berkeley Packet Filter (BPF). The malware, dubbed BPFDoor, is present on “thousands” of Linux systems, its controller has gone almost completely unnoticed by endpoint protection vendors despite it being in use for at least five years.

LinuxSecurity.com Team
May 10, 2022

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations.

LinuxSecurity.com Team
Mar 30, 2022

Linux botnet abuses log4j to attack Arm, x86-based devices

A new Linux botnet, B1txor20, that targets Arm and 64-bit x86 systems shows log4j isn't going away any time soon.

LinuxSecurity.com Team
Mar 18, 2022

New malware hides as legit nginx process on e-commerce servers

eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. “NginRAT essentially hijacks a host Nginx application to stay undetected. To do that, NginRAT modifies core functionality of the Linux host system. When the legitimate Nginx web server uses such functionality (eg dlopen), NginRAT intercepts it to inject itself.”

LinuxSecurity.com Team
Dec 03, 2021

CronRat Magecart malware uses 31st February date to remain undetected

Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to remain out of sight from security products. The malware, dubbed CronRat, hides in the calendar subsystem of Linux servers (“cron”) on a non-existent day, 31 February, according to a blog post by security researchers at Sansec.

LinuxSecurity.com Team
Nov 29, 2021

Hackers deploy Linux malware, web skimmer on eCommerce servers

Attackers are deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites.

LinuxSecurity.com Team
Nov 19, 2021

These stealthy hackers avoid Windows but target Linux as they look to steal phone data

The stealthy LightBasin hacking group (also known as UNC1945) is infiltrating telecommunications companies around the world in a campaign that researchers have linked to intelligence gathering and cyber espionage. LightBasin's primary focus is on Linux and Solaris servers that are critical for running telecommunications infrastructure – and are likely to have less security measures in place than Windows systems.

LinuxSecurity.com Team
Oct 22, 2021

Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices

Multiple malicious packages have been identified on the npm registry this month. These packages disguise themselves as legitimate JavaScript libraries, but have been caught launching cryptominers on Linux, Windows and MacOS machines.

LinuxSecurity.com Team
Oct 21, 2021

FontOnLake malware infects Linux systems via trojanized utilities

The newly discovered FontOnLake malware family delivers backdoor and rootkit components to infect Linux systems concealed in legitimate binaries.

LinuxSecurity.com Team
Oct 11, 2021

RansomEXX ransomware Linux encryptor may damage victims' files

It has been discovered that the RansomExx ransomware gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.

LinuxSecurity.com Team
Oct 01, 2021

New Go malware Capoae targets WordPress installs, Linux systems

The new Capoae Go malware, which targets WordPress installs and Linux systems, highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads.

LinuxSecurity.com Team
Sep 17, 2021

Hackers develop Linux port of Cobalt Strike for new attacks

Hackers have developed a Linux port of the Cobalt Strike penetration testing toolkit dubbed Vermilion Strike to evade malware detection.

LinuxSecurity.com Team
Sep 14, 2021

HolesWarm Malware Exploits Unpatched Windows, Linux Servers

The HolesWarm botnet cryptominer has already compromised 1,000-plus clouds since June.

LinuxSecurity.com Team
Aug 18, 2021

Linux version of BlackMatter ransomware targets VMware ESXi servers

The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. As more businesses move to this type of platform for their servers, we expect to continue to see ransomware developers focus primarily on Windows machines - but also create a dedicated Linux encryptor targeting ESXi.

LinuxSecurity.com Team
Aug 09, 2021

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them

The Uptycs Threat Research team outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect these threats and mitigate their risk of suffering an attack.

LinuxSecurity.com Team
Jul 30, 2021

Hackers turning to 'exotic' languages for next-gen malware, report warns

Hackers are turning coding languages such as Go, Rust, Nim and DLang into next-gen malware targeting Linux and Windows systems, enabling them to avoid signature detection and add layers of obfuscation.

LinuxSecurity.com Team
Jul 28, 2021

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

The infamous cross-platform LemonDuck crypto-mining malware has continued to refine and improve upon its techniques to strike both Linux and Windows OSes by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.

LinuxSecurity.com Team
Jul 26, 2021

Linux version of HelloKitty ransomware targets VMware ESXi servers

The ransomware gang behind the notorious attack on CD Projekt Red is now using a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.

LinuxSecurity.com Team
Jul 16, 2021

Evasive Techniques Used By Malicious Linux Shell Scripts

Learn about common defense evasion techniques used in malicious shell scripts and how Uptycs detects them.

LinuxSecurity.com Team
Jul 07, 2021

Akira Ransomware Gang Targets Linux Servers, Extorts $42 Million

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

Linux Version of DinodasRAT Raises Serious Security Concerns