New Linux Malware Infects All Running Processes
Security researchers from Intezer have reported a new Linux malware variant called OrBit.
“The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands,” reports Nicole Fishbein.
OrBit steals information from different commands and utilities and stores it in specific files on the machine. Once the malware is installed, it will infect all processes running on the machine.
Technical details about how OrBit works are available from Intezer.
Related content
- New Multi-Platform Backdoor Malware Targets Linux, macOS, and Windows
- Yet Another Malware is Plaguing Linux Systems
- Linux Backdoor Doesn’t Need Root Privileges
-
Malware Analysis
We show you how to dig deep to find hidden and covert processes, clandestine communications, and signs of misconduct on your network. -
Acquiring a Memory Image
Be ready before disaster strikes. In this article we describe some tools you should have on hand to obtain a memory image of an infected system.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Focus On Self-Hosting
• Self-Hosted PaaS with Coolify
• Build and Host Docker Images
• Self-Hosted Pritunl VPN Server with MFA
• Self-Hosted Chat Servers
• Self-Hosted Remote Support with RustDesk
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
