Newest Symbiote Malware Affects All Running Processes on Linux Systems


A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access.

The main objective of this malware we call “Symbiote” is to capture credentials and to facilitate backdoor access to a victim’s machine. Since the malware has so many ways to hide itself, including rootkit functionality, detecting an infection can be difficult. But Symbiote has even greater functionality in its bag of tricks.

How this technique works:

When an administrator starts any packet capture tool on the infected machine, BPF bytecode that defines which packets should be captured is injected into the kernel, BlackBerry explained. In this process, Symbiote adds its own bytecode first so it can filter out network traffic.

The most impressive element of the Linux malware is its stealth. The malware is preloaded before other shared objects, allowing it to hook specific functions.

Since the malware operates as a userland-level rootkit, detecting an infection may be difficult. Network telemetry can be used to detect anomalous DNS requests, and security tools like AVs and EDRs should be added.
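Because the malware relies on being preloaded ahead of other shared objects, one defensive check is to enumerate every preload entry on a host. The following is an added example, not code from the original article or from BlackBerry: it reads the system-wide preload file and each process's `LD_PRELOAD` variable and reports entries that are not on an allowlist. The function names and the sample library path are constructed for illustration, and it assumes it is run against a mounted disk image or from a trusted environment, since on a live host a preloaded library can hook the file reads it depends on.

```python
import os

# Constructed sample of a /proc/<pid>/environ blob (NUL-separated); not real data.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/constructed/libexample.so\0HOME=/root\0"

def split_libs(value):
    """Preload lists are separated by colons or whitespace."""
    return value.replace(":", " ").split()

def parse_preload_file(text):
    """Return the libraries named in /etc/ld.so.preload-style text ('#' starts a comment)."""
    libs = []
    for line in text.splitlines():
        libs.extend(split_libs(line.split("#", 1)[0]))
    return libs

def parse_environ(blob):
    """Return the LD_PRELOAD entries found in a /proc/<pid>/environ blob."""
    prefix = b"LD_PRELOAD="
    for entry in blob.split(b"\0"):
        if entry.startswith(prefix):
            return split_libs(entry[len(prefix):].decode("utf-8", "replace"))
    return []

def audit(root="/", allowlist=()):
    """List (source, library) pairs for every preload entry under `root` not in `allowlist`."""
    findings = []
    try:
        with open(os.path.join(root, "etc/ld.so.preload")) as f:
            libs = parse_preload_file(f.read())
        findings.extend(("ld.so.preload", lib) for lib in libs if lib not in allowlist)
    except OSError:
        pass  # file absent or unreadable: nothing is preloaded system-wide via this file
    proc = os.path.join(root, "proc")
    pids = sorted(filter(str.isdigit, os.listdir(proc)), key=int) if os.path.isdir(proc) else []
    for pid in pids:
        try:
            with open(os.path.join(proc, pid, "environ"), "rb") as f:
                libs = parse_environ(f.read())
        except OSError:
            continue  # process exited or its environ is not readable by this user
        findings.extend((f"pid {pid}", lib) for lib in libs if lib not in allowlist)
    return findings

if __name__ == "__main__":
    print("constructed sample:", parse_environ(SAMPLE_ENVIRON))
    for source, lib in audit():
        print(f"{source}: {lib}")
```

An empty result only means no preload entry was visible to the process running the check; the allowlist should hold the preload libraries the organisation knowingly deploys.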

A sample of the malware was uploaded to VirusTotal under the name certbotx64. The team suspects that, because the submissions were made before the malware’s main infrastructure went online, the uploads might have been for antivirus and detection-testing purposes.

File hashes observed for Symbiote

  • 0c278f60cc4d36741e7e4d935fd2972f
  • a0d1e1ec8207c83c7d2d52ff65f0e159
  • 59033839c1be695c83a68924979fab58

By | 2022-06-14T19:18:53+05:30 June 10th, 2022|Malware, Security Advisory, Security Update, Targeted Attacks|

About the Author:

FirstHackersNews- Identifies Security
