The Hacker News reports that malicious actors could leverage the novel Linux malware dubbed "Lightning Framework" to facilitate rootkit installation.
Attackers using Lightning Framework could open an SSH service on infected machines and use a polymorphic, malleable command-and-control configuration, according to an Intezer report. The framework is modular: a downloader component named "kbioset" retrieves plugins from a remote server, and those plugins are then loaded by the core module, "kkdmflush".
"The main function of the downloader module is to fetch the other components and execute the core module," wrote researcher Ryan Robinson.
The core module then fetches the commands it needs from the command-and-control server, executes the plugins, and conceals its activity on the host. It also installs an initialization script so that the framework survives a reboot.
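The two component names and the init-script persistence mechanism above are the only host artifacts this summary gives, so a minimal hunt can look for exactly those. The following script is an added example written for this page; it is not code from the article or from Intezer's report. The scan roots and init-script directories are assumptions about common locations, not paths taken from the report, and the sample tree it builds in a temporary directory is constructed for demonstration.

```python
"""Hunt a Linux host for the Lightning Framework artifacts named in the report:
files called 'kbioset' (downloader) or 'kkdmflush' (core), and an init script
that references either of them. Added example; not the article's or Intezer's code."""
import os
import re
import tempfile

# Component file names as given in the summary above.
COMPONENT_NAMES = frozenset({"kbioset", "kkdmflush"})

# Assumed places to look; the report summary does not give install locations.
DEFAULT_SCAN_ROOTS = ("/usr", "/opt", "/tmp", "/var/tmp")
DEFAULT_INIT_DIRS = ("/etc/init.d", "/etc/rc.d/init.d", "/etc/systemd/system")


def find_component_files(roots, names=COMPONENT_NAMES):
    """Return sorted paths of files whose basename is a known component name."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda _e: None):
            hits.extend(os.path.join(dirpath, f) for f in files if f in names)
    return sorted(hits)


def find_init_scripts_referencing(init_dirs, names=COMPONENT_NAMES):
    """Return (path, matched_name) for init/unit files that mention a component.
    Only the first 64 KiB of each file is read, which is plenty for a script."""
    pattern = re.compile("|".join(re.escape(n) for n in sorted(names)).encode())
    hits = []
    for d in init_dirs:
        if not os.path.isdir(d):
            continue
        for entry in sorted(os.listdir(d)):
            path = os.path.join(d, entry)
            if not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 16)
            except OSError:
                continue  # unreadable file; skip rather than abort the hunt
            m = pattern.search(data)
            if m:
                hits.append((path, m.group(0).decode()))
    return hits


def hunt(roots=DEFAULT_SCAN_ROOTS, init_dirs=DEFAULT_INIT_DIRS):
    """Run both checks and return the findings as a dict."""
    return {
        "component_files": find_component_files(roots),
        "init_scripts": find_init_scripts_referencing(init_dirs),
    }


def run_demo():
    """Build a constructed sample tree in a temp dir, hunt it, and return the
    findings with paths made relative to the temp dir."""
    with tempfile.TemporaryDirectory() as base:
        lib = os.path.join(base, "opt", "lib64", "example")
        initd = os.path.join(base, "etc", "init.d")
        os.makedirs(lib)
        os.makedirs(initd)
        # Constructed stand-in for the downloader binary (not real malware).
        with open(os.path.join(lib, "kbioset"), "wb") as fh:
            fh.write(b"\x7fELF constructed stand-in\n")
        # Constructed init script that launches the core module at boot.
        with open(os.path.join(initd, "suspicious"), "w") as fh:
            fh.write("#!/bin/sh\n# constructed sample\nexec /opt/lib64/example/kkdmflush &\n")
        # Constructed benign script that must not be flagged.
        with open(os.path.join(initd, "sshd"), "w") as fh:
            fh.write("#!/bin/sh\n# constructed benign script\nexec /usr/sbin/sshd\n")

        found = hunt(roots=(os.path.join(base, "opt"),), init_dirs=(initd,))
        rel = lambda p: os.path.relpath(p, base)
        return {
            "component_files": [rel(p) for p in found["component_files"]],
            "init_scripts": [(rel(p), n) for p, n in found["init_scripts"]],
        }


if __name__ == "__main__":
    # Demo against the constructed tree; call hunt() with no arguments to scan
    # the live host with the assumed default locations.
    for key, value in run_demo().items():
        print(key, value)
```

A name-based check like this only catches the sample as described; a variant that renames its components would pass, so treat it as a first triage step, and follow up on any hit by inspecting the init script's target binary and the listening SSH service the framework can expose.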
"The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson added. Lightning Framework marks the fifth Linux malware identified within the last quarter.
The surge comes after malicious actors impersonated well-known brands, such as Adobe Reader and Microsoft Teams, to deliver numerous malware strains, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer and Vidar.
At least 1,200 Redis database servers worldwide have been compromised by a sophisticated piece of malware since September 2021, while more than 2,800 uninfected servers remain at high risk of exploitation.