A new and previously undetected Linux threat dubbed OrBit signals a growing trend of malware attacks against the operating system.
OrBit Malware
The malware takes its name from one of the file names it uses to temporarily store the output of executed commands ("/tmp/.orbit"), according to cybersecurity firm Intezer. OrBit is the fourth Linux malware family to come to light in the span of three months, after BPFDoor, Symbiote, and Syslogk.
The malware also functions much like Symbiote in that it is designed to infect all of the running processes on a compromised machine. It uses two methods to achieve persistence, Intezer's Fishbein explained:
The first way is by adding the shared object to the configuration file that is used by the loader.
The second way is by patching the binary of the loader itself so it will load the malicious shared object.
OrBit uses XOR-encrypted strings and steals passwords in a manner similar to other Linux backdoors reported by ESET. It also captures the output of various commands and utilities and stores it in specific files on the machine.
OrBit also relies on a range of techniques that let it operate without revealing its presence and establish persistence in a manner that is difficult to remove. Linux threats continue to evolve.
IoCs
| SHA-256 hash | File |
| --- | --- |
| f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 | Dropper |
| 40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020 | Payload |
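The triage script below is an added example for the two persistence routes described above and for the IoC table; it is not Intezer's tooling and does not come from the original report. It assumes the loader configuration file is /etc/ld.so.preload (glibc's standard preload file) and that the loader binary ships in the libc6 (dpkg) or glibc (rpm) package so it can be checked against the package database; the scratch file /tmp/.orbit and the two SHA-256 hashes are the ones this article gives. All function names are hypothetical.

```shell
#!/bin/sh
# Added triage helpers for OrBit-style persistence and the IoCs above.
# Not Intezer's tooling. Assumptions: the loader's preload configuration
# file is /etc/ld.so.preload; the loader binary ships in libc6 (dpkg) or
# glibc (rpm); sha256sum or shasum is available. Function names are ours.

# Shared objects the loader would inject into every new process: the
# non-empty, non-comment lines of the preload file. Clean hosts print nothing.
preload_entries() {
    f="${1:-/etc/ld.so.preload}"
    [ -f "$f" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        echo "$line"
    done < "$f"
}

# Number of running processes that have a given shared object mapped; this
# is what "infects all running processes" looks like from /proc.
processes_mapping() {
    so="$1"
    n=0
    for m in /proc/[0-9]*/maps; do
        grep -qF -- "$so" "$m" 2>/dev/null && n=$((n + 1))
    done
    echo "$n"
}

# Whether the scratch file the malware is named after exists (yes/no).
orbit_scratch_present() {
    d="${1:-/tmp}"
    if [ -e "$d/.orbit" ]; then echo yes; else echo no; fi
}

# Compare the dynamic loader with the package database. The second
# persistence route patches this binary, so a changed checksum matters.
verify_loader() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -V libc6 2>/dev/null | grep -E 'ld-linux|ld\.so' \
            || echo "loader matches the dpkg database"
    elif command -v rpm >/dev/null 2>&1; then
        rpm -V glibc 2>/dev/null | grep -E 'ld-linux|ld\.so' \
            || echo "loader matches the rpm database"
    else
        echo "no dpkg/rpm; compare the loader hash with a known-good copy"
    fi
}

# SHA-256 hashes from the IoC table above (dropper, payload).
ORBIT_IOC_HASHES="f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8
40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020"

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Prints "hash  path" for every regular file under the given directories
# whose SHA-256 is in ORBIT_IOC_HASHES; prints nothing on a clean tree.
ioc_sweep() {
    for dir in "$@"; do
        find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
            h=$(sha256_of "$f") || continue
            case "$ORBIT_IOC_HASHES" in *"$h"*) echo "$h  $f" ;; esac
        done
    done
}

# Full triage of the live host when invoked as: sh orbit_triage.sh --scan
if [ "${1:-}" = "--scan" ]; then
    echo "preload entries:"; preload_entries
    for so in $(preload_entries); do
        echo "$so mapped in $(processes_mapping "$so") processes"
    done
    echo "/tmp/.orbit present: $(orbit_scratch_present)"
    verify_loader
    echo "IoC hash matches:"; ioc_sweep /tmp /usr/lib /etc
fi
```

Any preload entry at all, a mapping count above zero for an object you did not install, a loader line in the package verification output, or a hash match deserves a closer look. The hash sweep only catches the two samples listed here; the preload file and the process maps are what surface variants, since the hooking mechanism, not the sample hash, is the persistence.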