This new Linux malware is 'almost impossible' to detect
Symbiote is parasitic malware that provides rootkit-level functionality
A joint research effort has led to the discovery of Symbiote, a new form of Linux malware that is "almost impossible" to detect.
Symbiote has several interesting features. For example, the malware uses Berkeley Packet Filter (BPF) hooking, a function designed to hide malicious traffic on an infected machine. BPF is also used by malware developed by the Equation Group.
The malware is pre-loaded before other shared objects, allowing it to hook specific functions, including libc and libpcap, to hide its presence. Other files associated with Symbiote are also concealed and its network entries are continually scrubbed.
https://www.zdnet.com/article/this-new-linux-malware-is-almost-impossible-to-detect/
#linux #symbiote #malware
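The preload hooking described in the post is the first thing a defender would look for on a suspect host. The following is an added example, not code from the original post, from ZDNet, or from the Symbiote researchers. It assumes the preload happened through the glibc dynamic loader's standard mechanisms (the LD_PRELOAD environment variable and /etc/ld.so.preload), and every input it parses is constructed sample content so that it runs offline.

```python
"""Spot shared objects injected ahead of libc via the dynamic loader's preload
mechanisms, and list every .so a running process actually mapped.

Added example; not code from the original post. It assumes the preload
happened through LD_PRELOAD or /etc/ld.so.preload (standard glibc loader
behaviour). All sample inputs below are constructed for illustration.
"""
import re
from typing import Dict, List

# Directories where a legitimately installed library normally lives.
# Anything outside them is worth a closer look (a heuristic, not proof).
TRUSTED_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")


def parse_ld_so_preload(text: str) -> List[str]:
    """Return the object paths listed in an /etc/ld.so.preload file.

    The loader accepts one path per line or several separated by whitespace
    or colons; '#' starts a comment.
    """
    entries: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        for tok in re.split(r"[\s:]+", line):
            if tok:
                entries.append(tok)
    return entries


def parse_ld_preload_env(env: Dict[str, str]) -> List[str]:
    """Return the objects named in LD_PRELOAD (colon or space separated)."""
    value = env.get("LD_PRELOAD", "")
    return [tok for tok in re.split(r"[\s:]+", value) if tok]


def mapped_shared_objects(maps_text: str) -> List[str]:
    """Extract the distinct shared-object paths from /proc/<pid>/maps content."""
    seen: List[str] = []
    for line in maps_text.splitlines():
        parts = line.split(maxsplit=5)
        # Only mappings backed by a file carry a sixth column with a path.
        if len(parts) == 6 and parts[5].startswith("/") and ".so" in parts[5]:
            if parts[5] not in seen:
                seen.append(parts[5])
    return seen


def suspicious_preloads(preload_text: str, env: Dict[str, str], maps_text: str) -> List[dict]:
    """Cross-reference the three sources and report every preloaded object.

    An object is reported when either preload mechanism names it; it is
    marked 'untrusted_path' when it sits outside the usual library
    directories and 'mapped' when the inspected process actually loaded it.
    """
    named = parse_ld_so_preload(preload_text) + parse_ld_preload_env(env)
    mapped = set(mapped_shared_objects(maps_text))
    findings = []
    for path in dict.fromkeys(named):  # de-duplicate while keeping order
        findings.append({
            "path": path,
            "untrusted_path": not path.startswith(TRUSTED_PREFIXES),
            "mapped": path in mapped,
        })
    return findings


# Constructed sample inputs (not real system data).
SAMPLE_LD_SO_PRELOAD = "# constructed sample\n/usr/local/lib/libsample-hidden.so\n"
SAMPLE_ENV = {"LD_PRELOAD": "/usr/lib/x86_64-linux-gnu/libsample-preload.so"}
SAMPLE_MAPS = """\
55d0c0400000-55d0c0401000 r--p 00000000 08:01 1311  /usr/bin/sleep
7f1a8c000000-7f1a8c002000 r-xp 00000000 08:01 2622  /usr/local/lib/libsample-hidden.so
7f1a8c200000-7f1a8c3c0000 r-xp 00000000 08:01 3933  /lib/x86_64-linux-gnu/libc.so.6
7f1a8c3c0000-7f1a8c3c1000 rw-p 00000000 00:00 0
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0     [stack]
"""

if __name__ == "__main__":
    for finding in suspicious_preloads(SAMPLE_LD_SO_PRELOAD, SAMPLE_ENV, SAMPLE_MAPS):
        print(finding)
```

Because the post notes that files associated with the malware are concealed by the same hooks, run a check like this from a statically linked binary or against an offline copy of the filesystem; a dynamically linked tool on the infected host reads /etc/ld.so.preload through the very libc functions the implant has hooked.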
Paragon Graphite is a Pegasus spyware clone used in the US
The US government banned the use of NSO's Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.
According to four [industry figures], the US Drug Enforcement and Administration Agency is among the top customers for Paragon's signature product, nicknamed Graphite. The #malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like #Signal or #WhatsApp, sometimes harvesting the data from cloud backups, much like Pegasus does.
#spyware #US #Clone #Pegasus #NSO #DEA #ParagonGraphite #Paragon