Linux systems are being backdoored with the new OrBit malware, which not only enables stealthy data exfiltration but also infects running processes, Intezer Labs researchers discovered, according to BleepingComputer.
Systems compromised with the OrBit malware have their LD_PRELOAD environment variable modified to facilitate shared library hijacking, the Intezer report showed.
"The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands. Once the malware is installed it will infect all of the running processes, including new processes, that are running on the machine," wrote researcher Nicole Fishbein.
OrBit's emergence follows a recent wave of Linux-targeted malware, including Symbiote, BPFDoor, and Syslogk; unlike those, OrBit depends on files on disk for data storage.
"What makes this malware especially interesting is the almost hermetic hooking of libraries on the victim machine, that allows the malware to gain persistence and evade detection while stealing information and setting SSH backdoor," Fishbein added.
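The LD_PRELOAD hijacking described above leaves artifacts a responder can check: the LD_PRELOAD variable in each process's /proc/<pid>/environ, the system-wide /etc/ld.so.preload list (the other persistent way to force a library into every process), and unexpected shared objects in /proc/<pid>/maps. The triage script below is an added example, not code from Intezer, BleepingComputer or the OrBit report; the library name /lib/libhook_example.so and the other paths are hypothetical, and the sample artifacts are constructed. One caveat matters in practice: because this class of malware hooks libc functions in every process, tools run on the infected host may be shown a sanitized view of these files, so collect them from a rescue boot or with a statically linked binary and run the analysis off-host.

```python
"""Triage helper for LD_PRELOAD-style shared library hijacking on Linux.

Added example, not code from Intezer or the OrBit report. It parses the
artifacts a responder pulls from a suspect host (/etc/ld.so.preload and each
process's /proc/<pid>/environ and /proc/<pid>/maps) and reports preloaded or
oddly located shared objects. Library names and paths below are hypothetical.
"""
import os
import re
from typing import Dict, Iterable, List, Set

# Shared objects mapped from outside these prefixes are reported. A library
# dropped *inside* /lib (as the sample below does) passes this check and is
# only caught by the preload-list checks, which is why both are needed.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")
DELETED = " (deleted)"  # suffix the kernel appends in /proc/<pid>/maps


def parse_environ(blob: bytes) -> Dict[str, str]:
    """Parse the NUL-separated KEY=VALUE records of /proc/<pid>/environ."""
    env: Dict[str, str] = {}
    for rec in blob.split(b"\0"):
        if b"=" in rec:
            key, val = rec.split(b"=", 1)
            env[key.decode(errors="replace")] = val.decode(errors="replace")
    return env


def split_preload_list(value: str) -> List[str]:
    """LD_PRELOAD and /etc/ld.so.preload entries are separated by spaces or colons."""
    return [p for p in re.split(r"[\s:]+", value) if p]


def parse_ld_so_preload(text: str) -> List[str]:
    """Return library paths from /etc/ld.so.preload, ignoring '#' comments."""
    libs: List[str] = []
    for line in text.splitlines():
        libs.extend(split_preload_list(line.split("#", 1)[0]))
    return libs


def mapped_objects(maps_text: str) -> Set[str]:
    """File-backed mappings from /proc/<pid>/maps (pathname is the 6th column)."""
    objs: Set[str] = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and parts[5].startswith("/"):
            objs.add(parts[5])
    return objs


def assess(ld_so_preload_text: str, procs: Dict[int, dict],
           allowlist: Iterable[str] = ()) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    allowed = set(allowlist)
    findings: List[str] = []
    for lib in parse_ld_so_preload(ld_so_preload_text):
        if lib not in allowed:
            findings.append(f"/etc/ld.so.preload lists {lib}")
    for pid, art in sorted(procs.items()):
        env = parse_environ(art["environ"])
        for lib in split_preload_list(env.get("LD_PRELOAD", "")):
            if lib not in allowed:
                findings.append(f"pid {pid}: LD_PRELOAD={lib}")
        for obj in sorted(mapped_objects(art["maps"])):
            path = obj[:-len(DELETED)] if obj.endswith(DELETED) else obj
            if ".so" not in os.path.basename(path) or path in allowed:
                continue  # main executable, data file, or explicitly trusted
            if obj.endswith(DELETED):
                findings.append(f"pid {pid}: shared object backed by deleted file {path}")
            elif not path.startswith(TRUSTED_DIRS):
                findings.append(f"pid {pid}: shared object mapped from untrusted path {path}")
    return findings


# Constructed sample artifacts (hypothetical library names and paths).
SAMPLE_LD_SO_PRELOAD = "# system preload list\n/lib/libhook_example.so\n"
SAMPLE_PROCS = {
    1234: {
        "environ": b"PATH=/usr/bin:/bin\0LD_PRELOAD=/lib/libhook_example.so\0HOME=/root\0",
        "maps": (
            "55d1c0000000-55d1c0021000 r--p 00000000 fd:01 1 /usr/bin/sshd\n"
            "7f3a10000000-7f3a10020000 r-xp 00000000 fd:01 2 /lib/libhook_example.so\n"
            "7f3a11000000-7f3a11100000 r-xp 00000000 fd:01 3 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
        ),
    },
    2222: {
        "environ": b"PATH=/usr/bin\0",
        "maps": (
            "55e000000000-55e000021000 r--p 00000000 fd:01 4 /usr/bin/bash\n"
            "7f3a11000000-7f3a11100000 r-xp 00000000 fd:01 3 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
            "7f3a13000000-7f3a13010000 r-xp 00000000 00:17 5 /dev/shm/.x.so (deleted)\n"
            "7f3a14000000-7f3a14010000 r-xp 00000000 fd:01 6 /tmp/libevil.so\n"
        ),
    },
}

if __name__ == "__main__":
    for finding in assess(SAMPLE_LD_SO_PRELOAD, SAMPLE_PROCS):
        print(finding)
```

On a live host, feed `assess()` the contents of /etc/ld.so.preload and, for each numeric directory under /proc, the bytes of environ and the text of maps (reading other users' processes requires root). Pass the libraries your own build legitimately preloads, such as a sanctioned tracing or allocator library, in `allowlist` so they are not reported; everything else that is preloaded, mapped from a deleted file, or mapped from a location like /tmp or /dev/shm is worth a closer look.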
Threat actors launched 50% more distributed denial-of-service attacks in the first quarter of 2024 than in the same period last year, and the number of thwarted DDoS attacks rose 93% year-over-year, SiliconAngle reports.
An updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework has been deployed against Southern Asian targets as part of a new cyberespionage campaign, Security Affairs reports.
Ukrainian hacking operation Blackjack claims to have disrupted Russia's industrial sensor and monitoring infrastructure with a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, SecurityWeek reports.