A Stealthy Linux Malware Targeting Latin American Financial Sector

By Karyl Bilotto

Jun 13, 2022
Stealthy Linux Malware

Cybersecurity researchers have taken the wraps off what they call a “nearly impossible to detect” Linux malware that could be weaponized to backdoor infected systems.

Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim’s resources like a parasite.

The operators behind Symbiote are believed to have started development on the malware in November 2021, with the threat actor predominantly using it to target the financial sector in Latin America, including banks like Banco do Brasil and Caixa, based on the domain names used.

“Symbiote’s main objective is to capture credentials and to facilitate backdoor access to a victim’s machine,” researchers Joakim Kennedy and Ismael Valenzuela said in a report shared with The Hacker News. “What makes Symbiote different from other Linux malware is that it infects running processes rather than using a standalone executable file to inflict damage.”


It achieves this by leveraging a native Linux feature called LD_PRELOAD, a technique previously used by malware such as Pro-Ocean and Facefish, so as to be loaded by the dynamic linker into all running processes and infect the host.

Besides hiding its presence on the file system, Symbiote is also capable of cloaking its network traffic by making use of the extended Berkeley Packet Filter (eBPF) feature. This is done by injecting itself into an inspection tool’s process and using BPF to filter out results that would uncover its activity.

Upon hooking all running processes, Symbiote enables rootkit functionality to further hide evidence of its existence and provides a backdoor for the threat actor to log in to the machine and execute privileged commands. It has also been observed storing captured credentials encrypted in files masquerading as C header files.


This is not the first time a malware with similar capabilities has been spotted in the wild. In February 2014, ESET revealed a Linux backdoor called Ebury which is designed to steal OpenSSH credentials and maintain access to a compromised server.

Additionally, the disclosure comes nearly a month after details emerged about an evasive Linux-based passive implant called BPFDoor that loads a Berkeley Packet Filter (BPF) sniffer to monitor network traffic and initiate a bind shell while bypassing firewall protections.

“Since the malware operates as a user-land level rootkit, detecting an infection may be difficult,” the researchers concluded. “Network telemetry can be used to detect anomalous DNS requests and security tools such as AVs and EDRs should be statically linked to ensure they are not ‘infected’ by userland rootkits.”
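The LD_PRELOAD loading mechanism and the process-hiding described above suggest two cheap host checks a defender can run. The script below is an added example, not code from the BlackBerry/Intezer report: it parses /etc/ld.so.preload and each process's LD_PRELOAD environment variable for injected shared objects, and compares the PIDs visible in /proc against those reported by a dynamically linked tool (`ps`), since a hooked libc can hide entries from the latter but not from a direct /proc walk. The sample inputs in the comments are constructed; `scan_live_system` is a hypothetical helper that needs permission to read /proc/*/environ.

```python
import os
import re
import subprocess
from pathlib import Path

PRELOAD_FILE = Path("/etc/ld.so.preload")


def parse_ld_so_preload(text: str) -> list[str]:
    """Return the shared-object paths listed in an ld.so.preload file (comments and blanks dropped)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.extend(line.split())  # ld.so accepts whitespace-separated paths
    return entries


def preloads_from_environ(environ: bytes) -> list[str]:
    """Extract LD_PRELOAD entries from a NUL-separated /proc/<pid>/environ blob."""
    for item in environ.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            value = item[len(b"LD_PRELOAD="):].decode(errors="replace")
            return [p for p in re.split(r"[\s:]+", value) if p]  # colon or space separated
    return []


def hidden_pids(proc_pids: set[int], tool_pids: set[int]) -> set[int]:
    """PIDs present in /proc but missing from a tool's listing; a hooked readdir() is the classic cause."""
    return proc_pids - tool_pids


def scan_live_system() -> dict:
    """Read-only host check (hypothetical helper). Re-check any hit: processes that exit
    between the /proc walk and the ps call show up as transient false positives."""
    preload = parse_ld_so_preload(PRELOAD_FILE.read_text()) if PRELOAD_FILE.exists() else []
    env_hits, proc_pids = {}, set()
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        proc_pids.add(int(entry))
        try:
            hits = preloads_from_environ((Path("/proc") / entry / "environ").read_bytes())
        except OSError:
            continue  # not permitted to read this process, or it already exited
        if hits:
            env_hits[int(entry)] = hits
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True, text=True).stdout
    tool_pids = {int(p) for p in ps_out.split()}
    return {"ld_so_preload": preload, "env_preloads": env_hits,
            "hidden_from_ps": hidden_pids(proc_pids, tool_pids)}


if __name__ == "__main__":
    print(scan_live_system())
```

Any non-empty `ld_so_preload` or `env_preloads` result on a host that does not intentionally use preloading deserves investigation, as does any PID that persists in `hidden_from_ps` across repeated runs.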