Endpoint/Device Security, Malware

Linux devices compromised via PRoot utility exploitation

Linux devices are being hacked in Bring Your Own Filesystem attacks exploiting the open-source Linux PRoot utility, BleepingComputer reports. In these attacks, threat actors build a malicious filesystem that already includes network scanning tools, the XMRig cryptominer, and configuration files before deployment, an approach made possible by the PRoot utility, a Sysdig report showed. With PRoot, threat actors only have to execute the precompiled library downloaded from GitLab, without running any additional setup commands. Malicious actors could also leverage PRoot to download other payloads that could allow more severe compromise.

"Using PRoot, there is little regard or concern for the target's architecture or distribution since the tool smoothes out the attack struggles often associated with executable compatibility, environment setup, and malware and/or miner execution. It allows attackers to get closer to the philosophy of write once, run everywhere, which is a long sought-after goal," said Sysdig.
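Detection logic for the pattern described above, added here as an example and not taken from the Sysdig report or BleepingComputer: it scores process-exec events for a PRoot invocation whose guest root filesystem sits in a world-writable directory. The event shape (working directory plus command line), the directory list, the `alert`/`review` labels and all sample events are assumptions constructed for illustration; `-r`, `--rootfs`, `-R` and `-S` are PRoot's own rootfs options.

```python
import os
import shlex

# Options PRoot documents for selecting the guest root filesystem.
ROOTFS_FLAGS = {"-r", "--rootfs", "-R", "-S"}
# Assumption: world-writable locations where a staged filesystem would land.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed sample events: (working directory, command line).
SAMPLE_EVENTS = [
    ("/tmp/.cache", "./proot -S ./rootfs /bin/sh -c ./run.sh"),
    ("/home/dev", "proot -r /home/dev/alpine-rootfs /bin/sh"),
    ("/dev/shm", "./helper -r /dev/shm/fs /bin/sh"),
    ("/tmp", "ls -R /tmp/build"),
]


def resolve(cwd, path):
    """Make a path absolute against the event's working directory."""
    return os.path.normpath(os.path.join(cwd, path))


def in_suspect_dir(path):
    return (path + "/").startswith(SUSPECT_DIRS)


def rootfs_arg(argv):
    """Return the value following a rootfs option, or None."""
    for i, tok in enumerate(argv[1:-1], start=1):
        if tok in ROOTFS_FLAGS:
            return argv[i + 1]
    return None


def classify(cwd, cmdline):
    """Return 'alert', 'review' or None for one exec event."""
    argv = shlex.split(cmdline)
    if not argv:
        return None
    # A bare name is a PATH lookup; only resolve names that contain a slash.
    exe = resolve(cwd, argv[0]) if "/" in argv[0] else argv[0]
    named = os.path.basename(exe).startswith("proot")
    rootfs = rootfs_arg(argv)
    staged = rootfs is not None and in_suspect_dir(resolve(cwd, rootfs))
    # The file name alone is not reliable, so a rootfs option pointing into a
    # writable directory also counts when the executable itself runs from one.
    if staged and (named or in_suspect_dir(exe)):
        return "alert"
    return "review" if named else None


def scan(events):
    return [classify(cwd, cmd) for cwd, cmd in events]
```

A `review` result marks PRoot use that may be legitimate on developer hosts; an `alert` is worth correlating with outbound mining-pool or scanning traffic from the same process tree.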
