ESET Uncovers New Linux Malware
ESET has recently uncovered a new type of malware targeting the Linux operating system, named WolfsBane, which has been linked to a group known as Gelsemium. This malware is categorized as an all-in-one solution because it contains a dropper, a launcher, and a backdoor, enabling it to perform multiple functions without needing outside assistance.
WolfsBane includes a dropper identified as cron, which disguises the launcher as a KDE desktop component. It can disable SELinux if required, create necessary system service files, and modify configurations for persistence. Furthermore, it integrates the Hider rootkit, which can intercept various system calls like open, stat, readdir, and access, ultimately allowing its operators to exert control over compromised systems.
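The readdir interception described above is something a defender can test for on a host without any vendor tooling. The following C program is an added example (it is not code from ESET's report or from the malware): it lists a directory twice, once through libc's readdir() and once through the raw getdents64 syscall, and reports any entry that appears only in the raw listing. A userland rootkit that filters readdir() cannot filter a direct syscall, so a non-empty difference is a signal worth investigating. It assumes Linux with glibc; the function names (count_hidden_entries, self_check) and the temp-directory self-check are my own.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Record layout the kernel returns from getdents64 (glibc does not export it). */
struct linux_dirent64 { uint64_t d_ino; int64_t d_off; unsigned short d_reclen;
                        unsigned char d_type; char d_name[]; };

/* Minimal growable list of names; "." and ".." are skipped on insert. */
typedef struct { char **names; size_t len, cap; } name_list;

static int push_name(name_list *l, const char *name) {
    if (!strcmp(name, ".") || !strcmp(name, "..")) return 0;
    if (l->len == l->cap) {
        size_t ncap = l->cap ? l->cap * 2 : 64;
        char **n = realloc(l->names, ncap * sizeof *n);
        if (!n) return -1;
        l->names = n, l->cap = ncap;
    }
    if (!(l->names[l->len] = malloc(strlen(name) + 1))) return -1;
    strcpy(l->names[l->len++], name);
    return 0;
}

static void free_names(name_list *l) {
    for (size_t i = 0; i < l->len; i++) free(l->names[i]);
    free(l->names);
}

/* Listing A: ask the kernel directly through the getdents64 syscall, never
 * touching libc's readdir(), so a userland hook on readdir cannot filter it. */
static int list_via_syscall(const char *path, name_list *out) {
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[32768] __attribute__((aligned(8))); long n;
    while ((n = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0)
        for (long off = 0; off < n;) {
            struct linux_dirent64 *d = (struct linux_dirent64 *)(buf + off);
            if (push_name(out, d->d_name) < 0) { close(fd); return -1; }
            off += d->d_reclen;
        }
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Listing B: the ordinary opendir/readdir path, which is exactly what a
 * userland rootkit intercepting readdir would filter. */
static int list_via_libc(const char *path, name_list *out) {
    DIR *dir = opendir(path);
    if (!dir) return -1;
    for (struct dirent *e; (e = readdir(dir)) != NULL;)
        if (push_name(out, e->d_name) < 0) { closedir(dir); return -1; }
    closedir(dir);
    return 0;
}
static int contains(const name_list *l, const char *name) {
    for (size_t i = 0; i < l->len; i++) if (!strcmp(l->names[i], name)) return 1;
    return 0;
}

/* Number of entries the kernel reports but readdir() omitted: 0 on a clean
 * directory, -1 on error; anything positive deserves investigation. */
int count_hidden_entries(const char *path) {
    name_list raw = {0}, libc = {0};
    int hidden = -1;
    if (list_via_syscall(path, &raw) == 0 && list_via_libc(path, &libc) == 0) {
        hidden = 0;
        for (size_t i = 0; i < raw.len; i++)
            if (!contains(&libc, raw.names[i])) {
                printf("hidden from readdir(): %s/%s\n", path, raw.names[i]); hidden++;
            }
    }
    free_names(&raw); free_names(&libc);
    return hidden;
}

/* Self-check on a fresh temp directory with two constructed files: on an unhooked system both listings agree, so the result is 0. */
int self_check(void) {
    char dir[] = "/tmp/hidecheck-XXXXXX", p1[64], p2[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(p1, sizeof p1, "%s/a.txt", dir);
    snprintf(p2, sizeof p2, "%s/b.txt", dir);
    close(open(p1, O_WRONLY | O_CREAT, 0600));
    close(open(p2, O_WRONLY | O_CREAT, 0600));
    int hidden = count_hidden_entries(dir);
    unlink(p1); unlink(p2); rmdir(dir);
    return hidden;
}

int main(int argc, char **argv) {
    int n = count_hidden_entries(argc > 1 ? argv[1] : "/");
    return n == 0 ? 0 : 1;   /* non-zero exit if anything was hidden or on error */
}
```

Run it against directories the malware would care about (system service directories, the user's desktop autostart locations, /tmp) and treat any printed entry as a lead, not proof; a stale difference can also come from a file created or removed between the two listings. The check only covers userland hooking: a kernel-module rootkit such as the FireWood driver mentioned below intercepts at or below the syscall boundary, so both listings would agree, and that case needs comparison against a trusted offline image or a known-good kernel instead.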
While ESET has not definitively identified how the attackers are deploying this malware, they suspect it exploits a previously unknown web application vulnerability. WolfsBane’s primary targets seem to be located in East Asia and the Middle East. The threats from Gelsemium are ongoing, having been active since 2014.
In conjunction with WolfsBane, another backdoor named FireWood has also been discovered within a kernel driver module called usbdev.ko. FireWood operates as a rootkit to conceal processes and utilizes an encrypted configuration file named kdeinit, which allows it to rename its processes based on the contents of that file.
ESET has indicated that while they are still piecing together the full picture, the presence of multiple webshells and tactical patterns resembling past operations of the Gelsemium group suggests a serious threat environment, warranting attention from Linux users and administrators.
For further details, you can read ESET’s analysis here.