Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

Malcontent · May 15, 2024

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.
Click to expand...

FanJ · May 16, 2024

See also ESET article:
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
14 May 2024 - by Marc-Etienne M.Léveillé
https://www.welivesecurity.com/en/e...rvers-compromised-cryptotheft-financial-gain/

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft
Click to expand...

Read there more for analysis with .pdf document.

Rasheed187 · May 26, 2024

So much for Linux systems being way more secure. Turns out that you indeed need to protect them, just like you would with Windows.

wat0114 · May 26, 2024

It looks like credential stealing/stuffing is the root cause, since then the perpetrators can gain root access with authentic credentials to install the malware. This is where 2FA, stronger passwords with frequent changes, and not falling for phishing scams should help to avoid these attacks.

Rasheed187 · May 26, 2024

wat0114 said: ↑

It looks like credential stealing/stuffing is the root cause, since then the perpetrators can gain root access with authentic credentials to install the malware. This is where 2FA, stronger passwords with frequent changes, and not falling for phishing scams should help to avoid these attacks.
Click to expand...

Yes, but what about when malware is already running on Linux? Seems like you still need AV/EDR in order to spot this stuff. I'm guessing that these Linux servers simply aren't monitored for malware activity.

wat0114 · May 26, 2024

Rasheed187 said: ↑

I'm guessing that these Linux servers simply aren't monitored for malware activity.
Click to expand...

That seems to be the case here.

Log in or Sign up

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

Malcontent Registered Member

FanJ Updates Team

Rasheed187 Registered Member

wat0114 Registered Member

Rasheed187 Registered Member

wat0114 Registered Member

Log in or Sign up

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

Malcontent Registered Member

FanJ Updates Team

Rasheed187 Registered Member

wat0114 Registered Member

Rasheed187 Registered Member

wat0114 Registered Member

Useful Searches