Never-before-seen Linux malware is “far more advanced than typical”

Tech | 3 months ago | 2.2K Views

Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers’ needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign.

A focus on Linux inside the cloud

VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor’s API.

Source: Ars Technica
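From a defender's side, a process that queries the metadata services of several cloud vendors from one host stands out in telemetry. The following is an added example, not code from the article or from VoidLink: the log format, allowlist and sample lines are constructed, and the endpoint addresses are the vendors' publicly documented metadata addresses rather than details reported in the article.

```python
import collections

# Vendor-documented instance-metadata endpoints: (provider, host, path prefix).
# Taken from public vendor documentation, not from the article.
ENDPOINTS = [
    ("gcp", "metadata.google.internal", "/computeMetadata/"),
    ("gcp", "169.254.169.254", "/computeMetadata/"),
    ("azure", "169.254.169.254", "/metadata/"),
    ("aws", "169.254.169.254", "/latest/"),
    ("alibaba", "100.100.100.200", "/latest/"),
    ("tencent", "metadata.tencentyun.com", "/latest/"),
]
# Assumption: binaries that are expected to read metadata on this host.
ALLOWED_EXES = {"/usr/bin/cloud-init", "/usr/bin/amazon-ssm-agent"}
# Constructed sample telemetry, one request per line: "<epoch> <pid> <exe> <host> <path>".
SAMPLE_LOG = [
    "1700000000 812 /usr/bin/cloud-init 169.254.169.254 /latest/meta-data/instance-id",
    "1700000100 4411 /tmp/.cache/upd 169.254.169.254 /latest/meta-data/",
    "1700000101 4411 /tmp/.cache/upd 169.254.169.254 /metadata/instance",
    "1700000102 4411 /tmp/.cache/upd 100.100.100.200 /latest/meta-data/",
    "1700000200 977 /usr/bin/curl 10.0.0.5 /health",
    "malformed line",
]

def classify(host, path):
    # Map a request to the cloud provider whose metadata service it targets.
    for provider, known_host, prefix in ENDPOINTS:
        if host == known_host and path.startswith(prefix):
            return provider
    return None

def parse_line(line):
    # Return (pid, exe, host, path), or None for lines that do not fit the format.
    parts = line.split()
    if len(parts) != 5 or not parts[1].isdigit():
        return None
    return int(parts[1]), parts[2], parts[3], parts[4]

def detect(lines, home_provider):
    # Group metadata requests per process, then flag unexpected callers and
    # processes probing providers other than the one this host runs on.
    seen = collections.defaultdict(set)
    for event in filter(None, map(parse_line, lines)):
        provider = classify(event[2], event[3])
        if provider:
            seen[(event[0], event[1])].add(provider)
    checks = lambda exe, provs: [("unexpected_binary", exe not in ALLOWED_EXES),
                                 ("foreign_provider_probe", bool(provs - {home_provider}))]
    alerts = [(pid, exe, sorted(p), [n for n, hit in checks(exe, p) if hit])
              for (pid, exe), p in sorted(seen.items())]
    return [a for a in alerts if a[3]]
```

Calling `detect(SAMPLE_LOG, "aws")` flags only the constructed PID 4411 entry, which is both off the allowlist and touching three providers' endpoints.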
