New stealthy OrBit malware steals data from Linux devices

by ITECHNEWS
July 8, 2022

A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine.

Dubbed OrBit by Intezer Labs security researchers who first spotted it, this malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices.

While it can gain persistence using two different methods to block removal attempts, OrBit can also be deployed as a volatile implant when copied in shim-memory.

It can also hook various functions to evade detection, control process behavior, maintain persistence by infecting new processes, and hide network activity that would reveal its presence.

For instance, once it injects into a running process, OrBit can manipulate its output to hide any traces of its existence by filtering out what gets logged.

“The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands,” Intezer Labs security researcher Nicole Fishbein explained.

“Once the malware is installed it will infect all of the running processes, including new processes, that are running on the machine.”

Although OrBit’s dropper and payload components were completely undetected by antivirus engines when the malware was first spotted, some anti-malware vendors have since updated their products to warn customers of its presence.
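
A defender-side check for the preload technique described above, as an added example that is not from the article or from Intezer Labs: it parses `/proc/<pid>/environ` for `LD_PRELOAD` and `/proc/<pid>/maps` for executable mappings backed by shared-memory, temp, or deleted files. Reading "shim-memory" as `/dev/shm`, the `SUSPECT_DIRS` list, and the sample data are assumptions of this example.

```python
import glob

# Treating the article's "shim-memory" as /dev/shm, plus the temp dirs, is an assumption.
SUSPECT_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")

def preload_from_environ(environ: bytes) -> list:
    """LD_PRELOAD entries from a NUL-separated /proc/<pid>/environ blob."""
    for entry in environ.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            return value.replace(":", " ").split()  # ld.so splits on ':' or ' '
    return []

def suspicious_maps(maps_text: str) -> list:
    """Executable file mappings backed by suspect dirs or by deleted files."""
    hits = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode path
        if len(fields) < 6 or "x" not in fields[1]:
            continue
        path = fields[5]
        if path.startswith(SUSPECT_DIRS) or path.endswith(" (deleted)"):
            hits.add(path)
    return sorted(hits)

def scan_proc(proc: str = "/proc") -> dict:
    """Check every live process; returns {pid: findings} for processes with hits."""
    findings = {}
    for env_path in glob.glob(f"{proc}/[0-9]*/environ"):
        pid = env_path.split("/")[-2]
        try:
            with open(env_path, "rb") as f:
                preload = preload_from_environ(f.read())
            with open(f"{proc}/{pid}/maps", errors="replace") as f:
                maps = suspicious_maps(f.read())
        except OSError:  # process exited, or not enough privilege to read it
            continue
        if preload or maps:
            findings[pid] = {"preload": preload, "maps": maps}
    return findings

# Constructed sample data, not taken from a real infection.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/dev/shm/libexample.so\0HOME=/root\0"
SAMPLE_MAPS = """\
7f1c2a400000-7f1c2a428000 r-xp 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2a900000-7f1c2a910000 r-xp 00000000 00:19 77 /dev/shm/libexample.so
7f1c2aa00000-7f1c2aa10000 rw-p 00000000 00:19 78 /dev/shm/scratch
"""
if __name__ == "__main__":
    print(preload_from_environ(SAMPLE_ENVIRON), suspicious_maps(SAMPLE_MAPS), scan_proc())
```

Because a preloaded library can hook the libc calls that a dynamically linked scanner itself relies on, results from a live host are most trustworthy when gathered with a statically linked tool or from an offline image.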

[Image: OrBit payload undetected on VirusTotal (Intezer Labs)]

Linux malware surge?

OrBit is not the first highly evasive Linux malware to surface recently that can use similar approaches to fully compromise and backdoor devices.

Symbiote also uses the LD_PRELOAD directive to load itself into running processes, acting as a system-wide parasite and leaving no signs of infection.

BPFDoor, another recently spotted malware targeting Linux systems, camouflages itself by using the names of common Linux daemons, which helped it remain undetected for more than five years.

Both these strains use BPF (Berkeley Packet Filter) hooking functionality to monitor and manipulate network traffic, which helps hide their communication channels from security tools.

A third Linux malware, a rootkit under heavy development dubbed Syslogk and unveiled by Avast researchers last month, can force-load its own modules into the Linux kernel, backdoor compromised machines, and hide directories and network traffic to evade detection.

Although it is neither the first nor the most original malware strain to target Linux lately, OrBit still has capabilities that set it apart from other threats.

“This malware steals information from different commands and utilities and stores them in specific files on the machine. Besides, there is an extensive usage of files for storing data, something that was not seen before,” Fishbein added.

“What makes this malware especially interesting is the almost hermetic hooking of libraries on the victim machine, that allows the malware to gain persistence and evade detection while stealing information and setting SSH backdoor.”

Source: Sergiu Gatlan
Via: bleepingcomputer