Intezer Documents Powerful ‘Lightning Framework’ Linux Malware By Orbit Brain July 22, 2022 0 255 views Residence › CyberwarfareIntezer Paperwork Highly effective ‘Lightning Framework’ Linux MalwareBy Ionut Arghire on July 22, 2022TweetSafety researchers at Intezer are documenting the invention of a strong piece of Linux malware that may keep undetected and has the flexibility to put in rootkits.Dubbed Lightning Framework, the menace is described as a Swiss Military Knife-like piece of malware that has a modular design and a plethora of capabilities not often seen in malware concentrating on Linux programs.The malware structure features a downloader, a core module, and a number of plugins that increase its performance, a few of that are open supply instruments, in response to documentation printed by Intezer.The framework makes use of completely different modules for persistence, SSH connection (utilizing OpenSSH with hardcoded keys), community visitors evaluation (open supply Nethogs) and remark (iftop), and IP community monitoring (IPTraf). Two rootkit modules are additionally referenced within the framework’s code.The an infection chain begins with the downloader module executing the core module and dropping further parts.[ READ: How Linux Became the New Bullseye for Bad Guys ]The downloader checks if it runs from a selected working listing and relocates itself to it if not, and may fingerprint the host title and community adapters – to generate a GUID that it sends to the command-and-control (C&C) server.In response to Intezer, the malware makes an attempt to stay undetected through the use of typosquatting and masquerading with referencing seahorses to masquerade the seahorse password and key supervisor.Lightning’s core module can execute plugins, helps instructions acquired from the C&C server, and achieves persistence by making a script to run the downloader at system boot. It additionally generates a GUID utilizing the identical method because the downloader.To keep away from detection, the malware adjustments the title of the calling thread to kdmflush – to pose as a kernel thread, modifies the timestamps of the persistency script and of different information to match that of whoami, discover, or su, and hides its Course of ID (PID) and associated community ports.Primarily based on instructions from the server, the core module can fingerprint the machine, run shell instructions, execute plugins, test entry to a file, confirm and write file contents, delete information or paths, terminate its course of, take away the framework, replace the framework utilizing the downloader, fetch a configuration file, overwrite information, or write one of many two rootkits.Lightning makes use of TCP sockets for community communication, with the C&C saved in a polymorphic encoded configuration file distinctive for every creation, to keep away from detection. A passive communication mode can be supported, utilizing the OpenSSH daemon with hardcoded keys, which primarily creates a secondary backdoor.Associated: Avast: New Linux Rootkit and Backdoor Align CompletelyAssociated: Extremely-Evasive Linux Malware ‘Symbiote’ Infects All Working ProcessesAssociated: Chinese language Researchers Element Linux Backdoor of NSA-Linked Equation GroupAssociated: How Linux Turned the New Bullseye for Unhealthy Guys Get the Each day Briefing Most CurrentMost LearnSonicWall Warns of Essential GMS SQL Injection VulnerabilityChrome Flaw Exploited by Israeli Adware Agency Additionally Impacts Edge, SafariIntezer Paperwork Highly effective ‘Lightning Framework’ Linux MalwareNew Default Account Lockout Coverage in Home windows 11 Blocks Brute Power AssaultsEdge Administration and Orchestration Agency Zededa Raises $26 MillionNew Cross-Platform ‘Luna’ Ransomware Solely Supplied to Russian AssociatesCode Execution and Different Vulnerabilities Patched in DrupalMicrosoft Resumes Rollout of Macro Blocking FunctionUnderstanding the Evolution of Cybercrime to Predict its FutureRomanian Operator of Bulletproof Internet hosting Service Extradited to the USOn the lookout for Malware in All of the Unsuitable Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act Via Cyber Situational ConsciousnessReport Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice Yr To Be a Scammer.Do not Let DNS be Your Single Level of FailureEasy methods to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingEasy methods to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseShare this:FacebookXPrintEmailLinkedInRedditTwitterTumblrPinterestTelegramWhatsApp intezer Lightning Framework Linux malware modular rootkit ssh undetected Orbit Brainhttps://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
Binary Defense Raises $36 Million for MDR PlatformIntroducing the Cyber Security News Binary Defense Raises $36 Million for MDR Platform.... November 4, 2022 Cyber Security News
Google Patches Sixth Chrome Zero-Day of 2022Introducing the Cyber Security News Google Patches Sixth Chrome Zero-Day of 2022.... September 6, 2022 Cyber Security News
GitHub Introduces Private Vulnerability Reporting for Public RepositoriesIntroducing the Cyber Security News GitHub Introduces Private Vulnerability Reporting for Public Repositories.... November 12, 2022 Cyber Security News
Proofpoint: Watch Out for Nighthawk Hacking Tool AbuseIntroducing the Cyber Security News Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse.... November 23, 2022 Cyber Security News
Peiter ‘Mudge’ Zatko: The Wild Card in Musk’s Clash With TwitterIntroducing the Cyber Security News Peiter ‘Mudge’ Zatko: The Wild Card in Musk’s Clash With Twitter.... September 13, 2022 Cyber Security News
Cyber Insurance Analytics Firm CyberCube Raises $50 MillionIntroducing the Cyber Security News Cyber Insurance Analytics Firm CyberCube Raises $50 Million.... December 22, 2022 Cyber Security News
Pantera Capital Plans $250M Solana (SOL) Buy, Analyst Predicts Record Rally Toward $1000March 8, 2024 77
Ethereum Blockchain Now Has A Modernized Version of Bitcoin (BTC) But With A Much Lower SupplyMarch 9, 2024 71