Symbiote Linux malware uses sophisticated techniques to hide and steal credentials
A recently discovered form of malware that infects Linux systems uses sophisticated techniques to hide and steal credentials.
As detailed today by researchers at BlackBerry Ltd., the previously undetectable “Symbiote” malware acts in a parasitic nature in that it needs to infect other running processes to inflict damage on infected machines. Symbiote is not a standalone executable file that is run to infect a machine but a shared object library that is loaded into all running processes to infect the machine.
Once Symbiote has infected all running processes, it delivers the attacker rootkit function with the ability to harvest credentials and remote access capability.
Symbiote, first detected in November 2021, was initially written to target the financial sector in Latin America. Upon successful infection, Symbiote hides itself and any other malware deployed, making infections hard to detect. Hard might be an understatement: According to the researchers, performing live forensics on an infected may not turn up anything since all the files, processes and network artifacts are hidden by the malware.
Malware targeting Linux systems is not new, but the stealth techniques used by Symbiote make it stand out. The malware is loaded by the linker via the LD_PRELOAD directive, allowing it to be loaded before any other shared objects. Since it’s loaded first, it can “hijack the imports” from the other library files loaded for the application. Symbiote uses this to hide its presence on the machine.
“Since the malware operates as a userland level rootkit, detecting an infection may be difficult,” researchers conclude. “Network telemetry can be used to detect anomalous DNS requests and security tools such as antivirus and endpoint detection and response should be statically linked to ensure they are not ‘infected’ by userland rootkits.”
Photo: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU