This new Linux malware is 'almost impossible' to detect
Symbiote is parasitic malware that provides rootkit-level functionality
A joint research effort has led to the discovery of Symbiote, a new form of Linux malware that is "almost impossible" to detect.
Symbiote has several interesting features. For example, the malware uses Berkeley Packet Filter (BPF) hooking, a function designed to hide malicious traffic on an infected machine. BPF is also used by malware developed by the Equation Group.
The malware is pre-loaded before other shared objects, allowing it to hook specific functions, including libc and libpcap, to hide its presence. Other files associated with Symbiote are also concealed and its network entries are continually scrubbed.
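Because the hooks live in a preloaded shared object, one defender-side check is to parse /etc/ld.so.preload together with a process's /proc/<pid>/maps and flag libraries that are force-preloaded or loaded from an unusual path. The Python below is an added example, not code from the article or the researchers; the trusted directory list and the sample preload and maps data are constructed assumptions.

```python
import re

# Directories where loaded shared objects normally live (an assumption for this example).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

# Matches the pathname column of a /proc/<pid>/maps line when it names a shared object.
MAPS_RE = re.compile(r"^\S+ \S+ \S+ \S+ \S+\s+(/\S*\.so\S*)$")

def parse_preload(text):
    """Return the shared-object paths listed in /etc/ld.so.preload content."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            entries.extend(line.replace(":", " ").split())
    return entries

def mapped_objects(maps_text):
    """Return the unique shared objects mapped into a process, in map order."""
    seen = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def suspicious_objects(preload_text, maps_text):
    """Flag mapped objects that are force-preloaded or loaded from an unusual path."""
    preloaded = set(parse_preload(preload_text))
    findings = []
    for obj in mapped_objects(maps_text):
        reasons = []
        if obj in preloaded:
            reasons.append("listed in /etc/ld.so.preload")
        if not obj.startswith(TRUSTED_LIB_DIRS):
            reasons.append("outside trusted library directories")
        if reasons:
            findings.append((obj, reasons))
    return findings

# Constructed sample input: a preload file and one process's maps view (not real data).
SAMPLE_PRELOAD = "# constructed sample\n/usr/local/lib/libexample_hook.so\n"
SAMPLE_MAPS = """\
7f0a00000000-7f0a00001000 r--p 00000000 fd:01 456 /usr/local/lib/libexample_hook.so
7f0a00100000-7f0a00120000 r--p 00000000 fd:01 789 /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
7f0a00200000-7f0a00220000 r--p 00000000 fd:01 790 /usr/lib/x86_64-linux-gnu/libc.so.6
7f0a00300000-7f0a00301000 r--p 00000000 fd:01 901 /tmp/libstage.so
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
"""
```

On a live host the hooked libc can filter what reads of these files return, just as the article says Symbiote conceals its own files, so run the check from a statically linked tool or against an offline disk image.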
https://www.zdnet.com/article/this-new-linux-malware-is-almost-impossible-to-detect/
#linux #symbiote #malware