
A novel piece of malware targeting Linux servers has been discovered and attributed to an unknown Chinese state-sponsored hacking group.

A state-sponsored APT group called Earth Berberoka (GamblingPuppet) has also been linked to this malware. This group has been active since 2020 and primarily targets Chinese gambling websites.

One of the malware's features is a kernel-mode rootkit that uses Reptile, an open-source project. The rootkit is mainly used for concealment: it includes a hook to ensure the machine doesn't detect it.

This package has been compiled for kernel version 5.10.112-108.499.amzn2.x86_64, according to the vermagic metadata.
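
As an added example (not taken from the article or from any analysis of this malware), the following shows how the vermagic value can be read from a kernel module file during triage: it walks the ELF64 section table, reads `.modinfo`, and splits `vermagic` into the kernel release and build flags. The function names and the sample module, including the flags after the release string, are constructed for illustration.

```python
import platform
import struct

def modinfo(ko: bytes) -> dict:
    """Return the key=value strings from the .modinfo section of a little-endian ELF64 module."""
    if ko[:4] != b"\x7fELF" or ko[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", ko, 0x28)                     # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", ko, 0x3A)

    def section(i):
        # Fields read: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        name, _, _, _, off, size = struct.unpack_from("<IIQQQQ", ko, shoff + i * shentsize)
        return name, ko[off:off + size]

    names = section(shstrndx)[1]                                    # section name string table
    for i in range(shnum):
        name_off, data = section(i)
        if names[name_off:names.index(b"\0", name_off)] == b".modinfo":
            pairs = (e.split(b"=", 1) for e in data.split(b"\0") if b"=" in e)
            return {k.decode(): v.decode() for k, v in pairs}
    return {}

def built_for(ko: bytes):
    """Split vermagic into (kernel release, [build flags])."""
    release, _, flags = modinfo(ko).get("vermagic", "").partition(" ")
    return release, flags.split()

def matches_release(ko: bytes, running_release: str = platform.release()) -> bool:
    """True if the module's vermagic names the given kernel release (default: this host)."""
    return built_for(ko)[0] == running_release

def constructed_module(vermagic: str) -> bytes:
    """Constructed test input: a minimal ELF64 object holding only .modinfo and .shstrtab."""
    shstr = b"\0.modinfo\0.shstrtab\0"
    info = b"license=GPL\0vermagic=" + vermagic.encode() + b"\0"
    shoff = 64 + len(info) + len(shstr)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    def sh(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    return (ehdr + info + shstr + sh(0, 0, 0, 0) + sh(1, 1, 64, len(info))
            + sh(10, 3, 64 + len(info), len(shstr)))

# Release string from the article; the flags after it are constructed for the example.
SAMPLE = constructed_module("5.10.112-108.499.amzn2.x86_64 SMP mod_unload")

if __name__ == "__main__":
    print(built_for(SAMPLE), matches_release(SAMPLE))
```

A module file on disk whose vermagic release names a kernel other than the one the host runs, or one that belongs to no installed kernel package, is worth a closer look.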