- Unit 42 discovers a new Linux malware
- Auto-color can give attackers full access to compromised endpoints
- The initial infection vector is unknown, but universities and governments are being hit
Universities and government offices in North America and Asia are being targeted by a brand new Linux backdoor called “Auto-color”, experts have claimed.
Cybersecurity researchers from Palo Alto Networks’ Unit 42 revealed that, in early November 2024, they encountered a backdoor that was relatively difficult to spot and impossible to remove without specialized software.
The backdoor is able to open a reverse shell to give attackers full remote access, run arbitrary commands on the target system, manipulate local files, act as a proxy, or dynamically change its configuration. The malware also comes with a kill switch that lets the threat actors remove all evidence of compromise, making analysis and forensic work more difficult.
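The reverse-shell capability above is something defenders can hunt for without knowing anything about the specific sample: a shell whose stdin, stdout and stderr are all bound to a network socket rather than a pty is a strong signal. The following is an added example written for this article, not code from Unit 42 or the original report. It assumes a Linux host with a standard `/proc` filesystem; the fd tables in `CONSTRUCTED_SAMPLES` are constructed stand-ins for real `/proc/<pid>/fd` entries so the logic can be checked offline.

```python
import os
import re
from typing import Dict, List

# A Linux socket fd appears in /proc/<pid>/fd as a symlink to "socket:[<inode>]".
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")

# Interactive shells that a reverse-shell payload typically hands a socket to.
SHELLS = {"sh", "bash", "dash", "zsh", "ash", "ksh"}


def stdio_on_socket(fd_targets: Dict[int, str]) -> bool:
    """Return True when stdin, stdout and stderr all point at a socket.

    A shell started by sshd or a terminal has these bound to a pty
    (/dev/pts/N); a shell talking straight to the network does not.
    """
    return all(SOCKET_RE.match(fd_targets.get(fd, "")) is not None for fd in (0, 1, 2))


def classify(comm: str, fd_targets: Dict[int, str]) -> str:
    """Label one process from its comm name and its stdio fd table."""
    if comm in SHELLS and stdio_on_socket(fd_targets):
        return "suspicious"
    return "ok"


def read_fd_targets(pid: int) -> Dict[int, str]:
    """Collect the link targets of /proc/<pid>/fd/{0,1,2} for a live process."""
    targets: Dict[int, str] = {}
    for fd in (0, 1, 2):
        try:
            targets[fd] = os.readlink(f"/proc/{pid}/fd/{fd}")
        except OSError:
            # Process exited, fd closed, or we lack permission; skip it.
            continue
    return targets


def scan_procfs() -> List[Dict[str, object]]:
    """Walk /proc and return every shell whose stdio is wired to a socket."""
    hits: List[Dict[str, object]] = []
    if not os.path.isdir("/proc"):
        return hits  # not a Linux host with procfs; nothing to scan
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue
        fds = read_fd_targets(pid)
        if classify(comm, fds) == "suspicious":
            hits.append({"pid": pid, "comm": comm, "fds": fds})
    return hits


# Constructed fd tables standing in for /proc entries (not real captures).
CONSTRUCTED_SAMPLES = [
    # shell with all three stdio fds on one socket: the reverse-shell shape
    ("bash", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
    # ordinary interactive shell on a pseudo-terminal
    ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    # network daemon: sockets on stdio are normal, and it is not a shell
    ("nginx", {0: "/dev/null", 1: "socket:[9911]", 2: "socket:[9911]"}),
]


if __name__ == "__main__":
    for comm, fds in CONSTRUCTED_SAMPLES:
        print(f"{comm:6} -> {classify(comm, fds)}")
    for hit in scan_procfs():
        print("live hit:", hit)
```

Run it as root to see every process; as an unprivileged user only your own processes' fd tables are readable. Legitimate tools that deliberately attach a shell to a socket (inetd-style services, socat wrappers) will also match, so treat a hit as a lead for triage rather than a verdict.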
Dangerous threat
Given its advanced evasion features and a comprehensive list of dangerous capabilities, Auto-color was described as a very dangerous threat. However, Unit 42 could not attribute it to any known threat actor, nor would it discuss the victims in more detail. As a result, we do not know how many organizations were infected, nor what the campaign’s ultimate goal is.
Also unknown is how the victims were infected in the first place. Unit 42 says the initial infection vector is unknown, but added that the attack starts with the victim executing a file on the target system. The file usually has a benign name such as “dies”, “log” or “eggs”.
Linux malware is becoming more sophisticated and widespread due to the increased adoption of Linux in cloud computing, corporate servers and IoT devices. Cybercriminals are shifting their focus from traditional Windows targets to include Linux environments, exploiting misconfigurations, unpatched vulnerabilities and weak security practices.
The rise of malware-as-a-service (MaaS) and automated attack tools also makes Linux-based threats more effective.
Via BleepingComputer