Ultra-stealthy Linux backdoor gives remote access to any account

By Niranjan Maharajh, June 10, 2022
What sets Symbiote apart from the Linux malware we usually come across is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006) and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.
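One way to audit a system for the LD_PRELOAD loading described above, as an added example that is not code from this post or from the cited research. The function names and the `root` parameter are hypothetical; `root` is assumed to be either the live `/` or a mounted disk image. On a live host a preloaded library can alter what dynamically linked tools see, so results taken from an image are more trustworthy.

```python
#!/usr/bin/env python3
"""Audit a Linux root (live "/" or a mounted image) for LD_PRELOAD injection (T1574.006)."""
import os
import re
import sys


def parse_preload_file(text):
    """ld.so.preload entries are separated by whitespace or colons; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        libs += [p for p in re.split(r"[\s:]+", line) if p]
    return libs


def parse_environ(blob):
    """/proc/<pid>/environ holds NUL-separated KEY=VALUE bytes; return LD_PRELOAD entries."""
    for item in blob.split(b"\0"):
        key, _, value = item.partition(b"=")
        if key == b"LD_PRELOAD":
            return [p for p in re.split(r"[\s:]+", value.decode(errors="replace")) if p]
    return []


def audit(root="/"):
    """Return findings as (scope, source, library) tuples (hypothetical helper)."""
    findings = []
    try:
        with open(os.path.join(root, "etc/ld.so.preload")) as fh:
            findings += [("global", "/etc/ld.so.preload", lib)
                         for lib in parse_preload_file(fh.read())]
    except OSError:
        pass  # an absent file is the normal case
    proc = os.path.join(root, "proc")
    pids = [d for d in os.listdir(proc) if d.isdigit()] if os.path.isdir(proc) else []
    for pid in sorted(pids, key=int):
        try:
            with open(os.path.join(proc, pid, "environ"), "rb") as fh:
                libs = parse_environ(fh.read())
        except OSError:
            continue  # process exited or permission denied
        findings += [("pid " + pid, "LD_PRELOAD", lib) for lib in libs]
    return findings


if __name__ == "__main__":
    for scope, source, lib in audit(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{scope}\t{source}\t{lib}")
```

Any finding is a lead to triage rather than a verdict, since some legitimate software also preloads libraries.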
Symbiote Evasion Techniques

Source: https://arstechnica.com/information-technology/2022/06/novel-techniques-in-never-before-seen-linux-backdoor-make-it-ultra-stealthy/
