this post was submitted on 11 Dec 2023
188 points (97.0% liked)

Technology

58387 readers
4399 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
188
Stealthy Linux rootkit found in the wild after going undetected for 2 years (arstechnica.com)
submitted 9 months ago by L4s to c/technology
22 comments fedilink hide all child comments
 

Stealthy Linux rootkit found in the wild after going undetected for 2 years::Krasue infects telecom firms in Thailand using techniques for staying under the radar.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 9 months ago

This is the best summary I could come up with:

Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.

Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian folklore “floating in mid-air, with no torso, just her intestines hanging from below her chin.” The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand and “poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network.

It then proceeds to hook the syscall, network-related functions, and file listing operations, thereby obscuring its activities and evading detection.

Rootkits are a type of malware that hides directories, files, processes, and other evidence of its presence to the operating system it’s installed on.

By hooking legitimate Linux processes, the malware is able to suspend them at select points and interject functions that conceal its presence.

Intercepting the kill() syscall also allows the trojan to survive Linux commands attempting to abort the program and shut it down.

The original article contains 288 words, the summary contains 192 words. Saved 33%. I'm a bot and I'm open source!