Linux servers are being targeted by the new Mlofe, which has been associated with Chinese state-sponsored advanced persistent threat operations APT41, also known as Winnti, and Earth Berberoka, also known as GamblingPuppet, The Hacker News reports. Mlofe enabled the deployment of a Reptile-based kernel-mode rootkit, with both implant and rootkit installation facilitated by shell commands for installer and custom binary package downloads, according to an Exatrack report. The report showed that aside from having remote server communication and file operation execution capabilities, Mlofe also allows socket creation, shell launches, and arbitrary command execution. Meanwhile, researchers were also able to discover the AlienReverse implant, which has a similar code to Mlofe. "The capabilities offered by Mlofe are relatively simple, but may enable adversaries to conduct their attacks under the radar. These implants were not widely seen, showing that the attackers are likely limiting its usage to high value targets," said Exatrack.