Intezer Documents Powerful ‘Lightning Framework’ Linux Malware By Orbit Brain July 22, 2022 0 320 views Cyber Security News Residence › CyberwarfareIntezer Paperwork Highly effective ‘Lightning Framework’ Linux MalwareBy Ionut Arghire on July 22, 2022TweetSafety researchers at Intezer are documenting the invention of a strong piece of Linux malware that may keep undetected and has the flexibility to put in rootkits.Dubbed Lightning Framework, the menace is described as a Swiss Military Knife-like piece of malware that has a modular design and a plethora of capabilities not often seen in malware concentrating on Linux programs.The malware structure features a downloader, a core module, and a number of plugins that increase its performance, a few of that are open supply instruments, in response to documentation printed by Intezer.The framework makes use of completely different modules for persistence, SSH connection (utilizing OpenSSH with hardcoded keys), community visitors evaluation (open supply Nethogs) and remark (iftop), and IP community monitoring (IPTraf). Two rootkit modules are additionally referenced within the framework’s code.The an infection chain begins with the downloader module executing the core module and dropping further parts.[ READ: How Linux Became the New Bullseye for Bad Guys ]The downloader checks if it runs from a selected working listing and relocates itself to it if not, and may fingerprint the host title and community adapters – to generate a GUID that it sends to the command-and-control (C&C) server.In response to Intezer, the malware makes an attempt to stay undetected through the use of typosquatting and masquerading with referencing seahorses to masquerade the seahorse password and key supervisor.Lightning’s core module can execute plugins, helps instructions acquired from the C&C server, and achieves persistence by making a script to run the downloader at system boot. It additionally generates a GUID utilizing the identical method because the downloader.To keep away from detection, the malware adjustments the title of the calling thread to kdmflush – to pose as a kernel thread, modifies the timestamps of the persistency script and of different information to match that of whoami, discover, or su, and hides its Course of ID (PID) and associated community ports.Primarily based on instructions from the server, the core module can fingerprint the machine, run shell instructions, execute plugins, test entry to a file, confirm and write file contents, delete information or paths, terminate its course of, take away the framework, replace the framework utilizing the downloader, fetch a configuration file, overwrite information, or write one of many two rootkits.Lightning makes use of TCP sockets for community communication, with the C&C saved in a polymorphic encoded configuration file distinctive for every creation, to keep away from detection. A passive communication mode can be supported, utilizing the OpenSSH daemon with hardcoded keys, which primarily creates a secondary backdoor.Associated: Avast: New Linux Rootkit and Backdoor Align CompletelyAssociated: Extremely-Evasive Linux Malware ‘Symbiote’ Infects All Working ProcessesAssociated: Chinese language Researchers Element Linux Backdoor of NSA-Linked Equation GroupAssociated: How Linux Turned the New Bullseye for Unhealthy Guys Get the Each day Briefing Most CurrentMost LearnSonicWall Warns of Essential GMS SQL Injection VulnerabilityChrome Flaw Exploited by Israeli Adware Agency Additionally Impacts Edge, SafariIntezer Paperwork Highly effective ‘Lightning Framework’ Linux MalwareNew Default Account Lockout Coverage in Home windows 11 Blocks Brute Power AssaultsEdge Administration and Orchestration Agency Zededa Raises $26 MillionNew Cross-Platform ‘Luna’ Ransomware Solely Supplied to Russian AssociatesCode Execution and Different Vulnerabilities Patched in DrupalMicrosoft Resumes Rollout of Macro Blocking FunctionUnderstanding the Evolution of Cybercrime to Predict its FutureRomanian Operator of Bulletproof Internet hosting Service Extradited to the USOn the lookout for Malware in All of the Unsuitable Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act Via Cyber Situational ConsciousnessReport Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice Yr To Be a Scammer.Do not Let DNS be Your Single Level of FailureEasy methods to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingEasy methods to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise intezer Lightning Framework Linux malware modular rootkit ssh undetected Orbit Brainhttp://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
HUMAN Security and PerimeterX Merge on Mission to Combat BotsIntroducing the Cyber Security News HUMAN Security and PerimeterX Merge on Mission to Combat Bots.... July 27, 2022 Cyber Security News
Google Blocks Record-Setting DDoS Attack That Peaked at 46 Million RPSIntroducing the Cyber Security News Google Blocks Record-Setting DDoS Attack That Peaked at 46 Million RPS.... August 20, 2022 Cyber Security News
Researchers Flag ‘Significant Escalation’ in Software Supply Chain AttacksIntroducing the Cyber Security News Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks.... July 6, 2022 Cyber Security News
Associated Eye Care Discloses Impact From 2020 Netgain Ransomware AttackIntroducing the Cyber Security News Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack.... July 11, 2022 Cyber Security News
FBI Warns of Surge in Attacks Targeting DeFi PlatformsIntroducing the Cyber Security News FBI Warns of Surge in Attacks Targeting DeFi Platforms.... August 30, 2022 Cyber Security News
Chinese Cyberspies Targeted Japanese Political Entities Ahead of ElectionsIntroducing the Cyber Security News Chinese Cyberspies Targeted Japanese Political Entities Ahead of Elections.... December 16, 2022 Cyber Security News