A new malware developed in China mainly targets systems and servers running Linux. It hides from monitoring systems and security software and creates a backdoor on these platforms, which criminals can turn on or off remotely. To learn how to prevent this new malware, check out the full article!
What is this new malware all about?
According to researchers at the security firm Avast, this malware is still in development. It has been used to attack Linux infrastructure and systems. According to investigations, its development is linked to a Chinese threat group: APT31, or Zirconium. The aim was to deliver a backdoor known as Rekoobe.
Syslogk, that is, the system for recording events (messages about events occurring in the system), would be based on exploitation tools that are still under development. As a result, different kernels of the operating system continue to be affected, and the exploitation and stealth capabilities of this malware continue to be expanded.
The first reports of this virus came from an SMTP email server. Criminals crafted these emails so that the malware could be installed on victims' machines. According to research, the virus tends to remain dormant on the system until it is activated by receiving the data streams.
These data streams use special formats to activate features, without necessarily needing commands to give access to the machine. In this case, Rekoobe is activated from Syslogk; the backdoor can likewise be deactivated, as well as removed completely from contaminated systems.
This behavior lets the threat operate on the system very discreetly, appearing as legitimate processes. That way, by the time the administrator realizes the danger, it is already too late and the damage has been done.