Chinese hackers have unleashed a never-before-seen Linux backdoor

posted onSeptember 19, 2023
by l33tdawg
Arstechnica
Credit: Arstechnica

Researchers have discovered a never-before-seen backdoor for Linux that’s being used by a threat actor linked to the Chinese government.

The new backdoor originates from a Windows backdoor named Trochilus, which was first seen in 2015 by researchers from Arbor Networks, now known as Netscout. They said that Trochilus executed and ran only in memory, and the final payload never appeared on disks in most cases. That made the malware difficult to detect. Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

Other groups eventually used it, and its source code has been available on GitHub for more than six years. Trochilus has been seen being used in campaigns that used a separate piece of malware known as RedLeaves. In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021. By searching VirusTotal for the file name, ​​libmonitor.so.2, the researchers located an executable Linux file named “mkmon.” This executable contained credentials that could be used to decrypt the libmonitor.so.2 file and recover its original payload, leading the researchers to conclude that “mkmon” is an installation file that delivered and decrypted libmonitor.so.2.

Source

Tags

Industry News

You May Also Like

Other Articles In This Section

Recent News

Thursday, May 9th

OpenAI Is ‘Exploring’ How to Responsibly Generate AI Porn
Dell responds to return-to-office resistance with VPN, badge tracking
Hands-on with the new iPad Pros and Airs: A surprisingly refreshing refresh

Wednesday, May 8th

Chinese Hackers Deployed Backdoor Quintet to Down MITRE
Apple announces M4 with more CPU cores and AI focus
Boeing says workers skipped required tests on 787 but recorded work as completed
Ransomware mastermind LockBitSupp has been ID’d
OpenAI’s flawed plan to flag deepfakes ahead of 2024 elections

Tuesday, May 7th

Indian police adopt facial recognition despite risk of massive data breaches
Cybersecurity Workforce Sustainability Has a Problem
New Cuckoo macOS malware can take over all Macs and steals your passwords too
Apple’s iPhone Spyware Problem Is Getting Worse
Tesla announces fourth round of layoffs in four weeks
New Microsoft AI model may challenge GPT-4 and Google Gemini
Novel attack against virtually all VPN apps neuters their entire purpose
Hackers discover how to reprogram NES Tetris from within the game

Monday, May 6th

NASA hasn’t landed on the Moon in decades—China just sent its third in six years
Counterfeit Cisco gear ended up in US military bases, used in combat operations
Microsoft plans to lock down Windows DNS like never before. Here’s how.
These dangerous scammers don’t even bother to hide their crimes

Friday, May 3rd

Iranian state-backed cyber spies continue to impersonate media brands, think tanks
Malware attacks on Docker Hub spread millions of malicious repositories
Want to Buy a Decommissioned Supercomputer? Here’s Your Chance
Maximum-severity GitLab flaw allowing account hijacking under active exploitation
Would You Still Use Google if It Didn't Pay Apple $20 Billion to Get on Your iPhone?

Thursday, May 2nd

Nvidia's flagship gaming GPU can crack complex passwords in under an hour
The US Government Is Asking Big Tech to Promise Better Cybersecurity
Email reveals Microsoft's rushed decision to invest in OpenAI
Anthropic releases Claude AI chatbot iOS app
Hacker free-for-all fights for control of home and office routers everywhere

Wednesday, May 1st

Two giants in the satellite telecom industry join forces to counter Starlink
The Dangerous Rise of GPS Attacks
China Has a Controversial Plan for Brain-Computer Interfaces
DEA to reclassify marijuana as a lower-risk drug, reports say

Tuesday, April 30th

Tesla Partners with Baidu for Full Self-Driving Rollout in China