Linux systems under attack from novel OrBit malware

Intezer Labs researchers have discovered that Linux systems are being backdoored with OrBit, a new malware family that not only enables stealthy data exfiltration but also infects running processes, BleepingComputer reports. Compromised systems have their LD_PRELOAD environment variable modified so that the malware's shared library is loaded ahead of legitimate ones, a shared library hijacking technique, according to the Intezer report.

"The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands. Once the malware is installed it will infect all of the running processes, including new processes, that are running on the machine," wrote researcher Nicole Fishbein.

OrBit's emergence follows a recent wave of Linux-targeted malware, including Symbiote, BPFDoor, and Syslogk, which, unlike OrBit, do not depend on files for data storage. "What makes this malware especially interesting is the almost hermetic hooking of libraries on the victim machine, that allows the malware to gain persistence and evade detection while stealing information and setting SSH backdoor," Fishbein added.
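The LD_PRELOAD modification described above is visible from the host: the loader takes preload libraries from each process's LD_PRELOAD variable and from the system-wide /etc/ld.so.preload file, so both can be audited against an allowlist. The following script is an added example for defenders and is not code from the article or from Intezer; the allowlist path is a hypothetical placeholder and the sample inputs are constructed.

```python
# Added example: audit both places the dynamic loader takes preload libraries
# from: each process's LD_PRELOAD variable and the system-wide /etc/ld.so.preload.
import os
from typing import Dict, List

# Constructed allowlist of legitimate preloads; the path is a hypothetical placeholder.
ALLOWED_PRELOADS = frozenset({"/usr/lib/libexample-edr.so"})

def parse_environ(blob: bytes) -> Dict[str, str]:
    """Parse a /proc/<pid>/environ blob: NUL-separated KEY=VALUE entries."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def preload_entries(value: str) -> List[str]:
    """Split an LD_PRELOAD value; ld.so accepts space- or colon-separated lists."""
    return value.replace(":", " ").split()

def parse_ld_so_preload(text: str) -> List[str]:
    """Library paths listed in /etc/ld.so.preload, with comments stripped."""
    libs = []
    for line in text.splitlines():
        libs.extend(line.split("#", 1)[0].split())
    return libs

def suspicious(libs: List[str]) -> List[str]:
    """Preloads not on the allowlist; any hit is an indicator worth triage."""
    return [lib for lib in libs if lib not in ALLOWED_PRELOADS]

def audit_host(proc="/proc", preload_file="/etc/ld.so.preload") -> Dict[str, List[str]]:
    """Live check; findings keyed by source ('/etc/ld.so.preload' or 'pid N')."""
    findings = {}
    if os.path.isfile(preload_file):
        with open(preload_file) as f:
            hits = suspicious(parse_ld_so_preload(f.read()))
        if hits:
            findings[preload_file] = hits
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/environ", "rb") as f:
                env = parse_environ(f.read())
        except OSError:
            continue  # process exited, or environ unreadable without root
        hits = suspicious(preload_entries(env.get("LD_PRELOAD", "")))
        if hits:
            findings[f"pid {pid}"] = hits
    return findings
```

Run `audit_host()` as root so every process's environ is readable; on a clean host it returns an empty dict, and any entry it does return names the process or file and the unexpected library for triage.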
