1. Forum
  2. FidoNet Int
  3. politics

  • A new Linux backdoor is h

    From Mike Powell@1:2320/105 to All on Thu Feb 27 10:09:00 2025
    A new Linux backdoor is hitting US universities and governments

    Date:
    Wed, 26 Feb 2025 16:02:00 +0000

    Description:
    Auto-color granted its operators full access to compromised endpoints,
    allowing them to run malware remotely, and more.

    FULL STORY ======================================================================
    - Unit 42 spots a new Linux malware
    - Auto-color can grant the attackers full access to compromised endpoints
    - Initial infection vector is unknown, but universities and governments hit

    Universities and government offices in North America and Asia are being targeted by a brand new Linux backdoor called Auto-color, experts have
    claimed.

    Cybersecurity researchers from Palo Alto Networks' Unit 42 revealed in early November 2024, it came across a backdoor which was relatively difficult to spot, and impossible to remove without specialized software.

    The backdoor was capable of opening a reverse shell to give the attackers
    full remote access, running arbitrary commands on the target system,
    tampering with local files, acting as a proxy, or dynamically modifying its configuration. The malware also comes with a kill switch, which allows the threat actors to remove all evidence of compromise and thus make analysis and forensics more difficult.

    Dangerous threat

    Given its advanced obfuscation features, and an extensive list of dangerous capabilities, Auto-color was described as a very dangerous threat. However, Unit 42 could not attribute it to any known threat actor, nor did it want to discuss the victims in more detail. Therefore, we dont know how many organizations were infected, nor what the end goal of the campaign is.

    Whats also unknown is how the victims got infected in the first place. Unit
    42 says the initial infection vector is unknown, but added it has to start
    with the victim executing a file on the target system. The file usually has a benign name, such as door, log, or egg.

    Linux malware is becoming more sophisticated and widespread due to increased Linux adoption in cloud computing, enterprise servers, and IoT devices. Cybercriminals are shifting focus from traditional Windows targets to include Linux environments, exploiting misconfigurations, unpatched vulnerabilities, and weak security practices.

    The rise of malware-as-a-service (MaaS) and automated attack tools also makes Linux-based threats more effective, as well.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-new-linux-backdoor-is-hitting-us-univ ersities-and-governments

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)