Yet Another Malware is Plaguing Linux Systems


Linux systems have been found to be vulnerable to another malware, dubbed Symbiote.

BlackBerry and Intezer Labs have detailed a new Linux malware, dubbed Symbiote, that uses the Berkely Packet Filter (BPF) hooking functionality to sniff data packets and obfuscate communication channels from security scanners.

What’s unique about Symbiote is that it doesn't use a traditional executable binary, but rather a shared object library that gets loaded into running processes by way of the LD_PRELOAD directory. And since Symbiote is the first to load on a system, it can hook both the libc and libpcap function to perform several actions, such as hiding parasitic processes and hiding various files that are deployed using the malware. Once injected Symbiote can choose which results are displayed. And, according to the researchers, “If an administrator starts a packet capture on the infected machine to investigate some suspicious network traffic, Symbiote will inject itself into the inspection software’s process and use BPF hooking to filter out results that would reveal its activity.”

Symbiote is primarily used for the automated harvesting of credentials and to give operators remote SSH access by way of the PAM service. Most of the Symbiote targets are within the financial sector of Latin America.

Read more about Symbiote on the BlackBerry official blog.

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=