New Linux malware hides in cron jobs with invalid dates November 25, 2021 Sansec: CronRAT malware hides behind February 31st
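Because the headline hinges on cron entries whose date can never occur on the calendar, here is an added detection example (not from the Sansec report or from anyone in this thread) that scans a user crontab for day-of-month/month combinations that never exist, such as February 31st. The sample crontab below is constructed, and the `/var/tmp` and `/dev/shm` paths in it are placeholders, not indicators from the report.

```python
import re
from typing import List, Set

# Days each month can have; February counted as 29 so leap-day jobs are not flagged.
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
MONTH_NAMES = {name: i for i, name in enumerate(
    ["jan", "feb", "mar", "apr", "may", "jun",
     "jul", "aug", "sep", "oct", "nov", "dec"], start=1)}

# User-crontab layout: minute hour day-of-month month day-of-week command.
# (/etc/crontab has an extra user column and is not handled here.)
CRON_LINE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")


def _to_int(token: str) -> int:
    """Convert a field token to an int, accepting three-letter month names."""
    name = token.lower()
    if name in MONTH_NAMES:
        return MONTH_NAMES[name]
    return int(token)  # raises ValueError on anything unparsable


def expand_field(field: str, lo: int, hi: int) -> Set[int]:
    """Expand one crontab field ('*', '1-5', '*/10', '3,15', '5/2') to the values it matches."""
    values: Set[int] = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_txt = part.split("/", 1)
            step = int(step_txt)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = _to_int(a), _to_int(b)
        else:
            start = _to_int(part)
            end = hi if step > 1 else start  # Vixie cron reads "N/step" as "N-hi/step"
        values.update(v for v in range(start, end + 1, step) if lo <= v <= hi)
    return values


def impossible_schedule(line: str) -> bool:
    """True when the day-of-month/month fields can never match a real calendar date.

    Such an entry is worth a look regardless of the day-of-week field: with a
    restricted day-of-week, Vixie cron fires when either day field matches, so
    the job may still run, and the impossible date is then pure camouflage.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith(("#", "@")):
        return False  # comment, blank line or @reboot-style shortcut
    m = CRON_LINE.match(stripped)
    if not m:
        return False  # e.g. PATH=... variable assignment
    try:
        doms = expand_field(m.group(3), 1, 31)
        months = expand_field(m.group(4), 1, 12)
    except ValueError:
        return False  # malformed field; cron would reject it anyway
    # Reachable if at least one (month, day) pair exists on the calendar.
    return not any(d <= DAYS_IN_MONTH[mo] for mo in months for d in doms)


def find_never_firing(crontab: str) -> List[str]:
    """Return the crontab lines whose date fields can never match."""
    return [ln for ln in crontab.splitlines() if impossible_schedule(ln)]


# Constructed sample crontab (not a real capture): normal jobs mixed with
# entries whose scheduled date does not exist.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
PATH=/usr/bin:/bin
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
*/15 * * * * /usr/local/bin/healthcheck
52 23 31 2 * /var/tmp/.cache/payload >/dev/null 2>&1
0 0 31 4,6,9,11 * /opt/scripts/month_end.sh
0 0 29 2 * /opt/scripts/leap_day.sh
0 0 30-31 feb * /dev/shm/.x
"""

if __name__ == "__main__":
    for hit in find_never_firing(SAMPLE_CRONTAB):
        print("never-firing date in crontab entry:", hit)
```

Run it against the output of `crontab -l` (per user) to triage hosts; the three flagged sample lines are the February 31st entry, the 31st of four 30-day months, and the 30-31 February range, while the February 29th job stays unflagged because leap years exist.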
So much for not needing any third-party tools to protect systems based on Linux/Unix LOL. However, it isn't explained how the malware was installed: was this done via remote code execution, or was it simply an insider attack?
No tool would have protected against this, as it is completely new. Furthermore, when antivirus engines start detecting something, the malware writers have already developed a new variant and the cycle starts again. So nothing to be afraid of if you're just a desktop user. (And if you are afraid, then just block the command-and-control server 47.115.46.167 located in China.) In fact, most Linux malware is targeted against web servers, and especially unpatched ones are vulnerable. This was a shell script, so probably a dumb user clicked on an email attachment. End-user awareness is crucial.
As I'm just a desktop Ubuntu user I don't view this malware as a real threat. Although I also don't believe in feeding trolls.
You're right about that. But since @Rasheed187 usually posts non-trollish things, I felt the need to answer. I'll try to avoid that in the future.
But in the end it did take an AV to spot it, right? There is always a chance that some new malware sample will slip through defense systems. But this is now the second high-profile stealth attack on Linux servers that I've read about. Hmmm, sounds a lot like Windows. I had hoped this attack would require more sophistication. You can call it trolling, I call it stating facts. Unix isn't as secure as certain people think. This must be difficult to accept for Unix fanboys LOL. But I'm sure you guys will get over it, some day.
Thanks for the link, interesting stuff. And BTW, this is what I talked about: it was an attack on Linux and Solaris servers, used to spy on telecom companies, see link. No wonder that more and more security companies are beginning to focus on Unix-based systems. For example, Microsoft Defender ATP now also protects macOS systems. https://www.bleepingcomputer.com/ne...oup-breaches-13-global-telecoms-in-two-years/
Here is some more info. It's kinda ironic, Unix-based systems being protected by M$ LOL. But this type of stuff is needed to tackle these kinds of attacks; I'm afraid this is the harsh reality. https://www.bleepingcomputer.com/ne...r-atp-adds-live-response-for-linux-and-macos/
New malware hides as legit nginx process on e-commerce servers December 2, 2021 Sansec: NginRAT parasite targets Nginx
Thanks for the heads-up. It truly is a bit shocking how stealthily this malware operates. But perhaps I shouldn't be so surprised, because most Windows attack vectors will also work on systems like Linux and macOS, see link. https://attack.mitre.org/matrices/enterprise/linux/