The officially official Devuan Forum!


#1 2022-06-11 11:05:05

Altoid
Member
Registered: 2017-05-07
Posts: 1,049  

Linux malware - possibly undetectable?

Hello:

Found this early today.

---
Symbiote Linux malware spotted, and infections are 'very hard to detect'
'Performing live forensics on an infected machine may not turn anything up' warn researchers
---

https://forums.theregister.com/forum/al … x_malware/

Anyone know about this?

Best,

A.


#2 2022-06-11 11:08:32

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,391  

Re: Linux malware - possibly undetectable?

There are some markers for it:

https://blogs.blackberry.com/en/2022/06 … nux-threat

^ See the "Indicators of Compromise (IoCs)" section for details.

Anyway this is aimed at banks and suchlike so I don't think desktop users have to worry too much.


To obtain a root shell use su -. Using just su will result in "command not found" messages.


#3 2022-06-25 18:37:38

czeekaj
Member
Registered: 2019-06-12
Posts: 75  

Re: Linux malware - possibly undetectable?

Right,
I wonder if checking your sockets could detect it. I think you are pretty safe.

netstat -ao | less

Check your sockets in recovery and in full user mode.
Look for anything abnormal. It's good to get familiar with what your system sockets look like. dbus is pretty busy. If you can minimize sockets, you minimize attack surface.
Most of the targeted libs are Apache or Java related. Minimalism is a good bet.
Again though, a lot of Linux vulnerabilities seem to happen early during the boot process or in between system upgrades, which I imagine is when they are the most vulnerable. I am only guessing, though, that that's when you are dealing with rootkit-level stuff.
That's the only way to get persistence as well, I imagine.

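The "get familiar with what your sockets look like" advice above can be made repeatable with a baseline-and-diff script. This is an added example, not code from the thread: it normalises netstat -tulpan style rows (proto, local address, state, PID/program) and reports sockets present now that were absent from a saved baseline. The two listings below are constructed sample data, not real captures.

```shell
#!/bin/sh
# Baseline/diff check for listening and bound sockets.
# Usage on a real box: save `netstat -tulpan` output once as the baseline,
# then feed a fresh listing to socket_diff and review anything it prints.
LC_ALL=C
export LC_ALL

# Constructed baseline taken on a known-good system (sample data).
BASELINE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 611/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 702/cupsd
udp 0 0 0.0.0.0:68 0.0.0.0:* 530/dhclient'

# Constructed later listing with one extra, unexplained listener (sample data).
CURRENT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 611/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 702/cupsd
tcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN 2444/unknown
udp 0 0 0.0.0.0:68 0.0.0.0:* 530/dhclient'

# Read netstat-style rows on stdin, emit "proto local state program" sorted.
# Header lines ("Active Internet...", "Proto Recv-Q ...") are skipped because
# their first field is not tcp/udp. UDP rows have no State column, so the
# PID/program field shifts left by one.
normalize_sockets() {
    awk '$1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^udp/) { state = "-"; prog = $6 } else { state = $6; prog = $7 }
        print $1, $4, state, prog
    }' | sort -u
}

# $1 = baseline listing text, $2 = current listing text.
# Prints sockets that appear in the current listing but not in the baseline.
socket_diff() {
    b=$(mktemp) || return 1
    c=$(mktemp) || { rm -f "$b"; return 1; }
    printf '%s\n' "$1" | normalize_sockets > "$b"
    printf '%s\n' "$2" | normalize_sockets > "$c"
    comm -13 "$b" "$c"
    rm -f "$b" "$c"
}

echo "Sockets not present in baseline:"
socket_diff "$BASELINE" "$CURRENT"
```

Anything the diff prints deserves an explanation (a known upgrade, a new service you installed); a listener with no matching package or unit file is the kind of anomaly the post is talking about.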
