March 1, 2024 at 06:15AM
Security researchers have identified a new Linux variant of the BIFROSE remote access trojan (RAT) that routes its command-and-control traffic through a lookalike domain imitating VMware, so that the connections blend in with legitimate software traffic. BIFROSE has been in circulation since 2004 and has been linked to a China-nexus state-backed group. Activity attributed to the malware has risen since October 2023, and the new variants show its operators continuing to refine their evasion techniques.
Key takeaways:
1. A new Linux variant of the BIFROSE RAT has been discovered. Its distinguishing feature is the use of a deceptive domain that mimics VMware, intended to make the malware's network traffic look legitimate and evade detection on compromised systems.
2. BIFROSE has been active since 2004 and has been associated with BlackTech, a state-backed hacking group linked to China.
3. BIFROSE activity has spiked since October 2023, with the newer variants relying on lookalike-domain tactics, which underlines that this long-lived malware family is still being actively developed.
4. McAfee Labs separately detailed a new GuLoader campaign that distributes the malware through malicious SVG file attachments in email messages, a delivery method chosen for broader reach and for evading attachment filters tuned to more common file types.
5. These developments coincide with the release of a new version of the Warzone RAT and the arrests of two of its operators following action by the U.S. government.
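The common thread in items 1 and 3 is a lookalike domain built around a trusted brand name. The detector below is an added example, not code from the page or from the researchers who reported the variant: it scans constructed DNS query log lines for domains that imitate a brand (here "vmware") either by typosquatting the registrable domain or by embedding the brand name in a hostname that does not belong to the brand. The log format, the allow-list, and the suspicious domains are all assumptions constructed for this example; none of them is the domain from the actual report.

```python
"""Flag DNS queries for domains that imitate a brand such as VMware.

Added example: the log lines, allow-list and suspicious names below are
constructed for illustration and are not taken from any report.
"""
import re
from typing import List, Optional, Tuple

# Legitimate registrable domains per brand. Constructed allow-list; in
# production this comes from your asset inventory or a CTI feed.
LEGIT = {
    "vmware": {"vmware.com"},
}

# Constructed sample DNS query log (not real telemetry):
# <timestamp> <client-host> query <rtype> <qname>
SAMPLE_LOG = """\
2024-02-20T10:01:02Z host1 query A packages.vmware.com
2024-02-20T10:01:09Z host2 query A vmware-update.example-cdn.net
2024-02-20T10:02:15Z host2 query A download.vmvvare.com
2024-02-20T10:03:40Z host3 query A vmware.com.login-portal.xyz
2024-02-20T10:04:01Z host4 query A www.python.org
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query (?P<rtype>\S+) (?P<qname>\S+)$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small distances from the brand label indicate typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(fqdn: str) -> str:
    """Last two labels. Simplification: a real deployment should use the
    Public Suffix List so that e.g. co.uk is handled correctly."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(fqdn: str, brand: str, max_dist: int = 2) -> Optional[str]:
    """Return a reason string if fqdn imitates the brand, else None."""
    fqdn = fqdn.lower().rstrip(".")
    labels = fqdn.split(".")
    if registrable(fqdn) in LEGIT[brand]:
        return None                      # genuinely owned by the brand
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    # Registrable domain is a near miss of the brand: vmvvare, vrnware, ...
    if sld != brand and levenshtein(sld, brand) <= max_dist:
        return "typosquat"
    # Brand name used as a label or inside a label of a foreign domain:
    # vmware.com.login-portal.xyz, vmware-update.example-cdn.net, ...
    if any(brand in label for label in labels):
        return "brand-in-hostname"
    return None


def scan_log(text: str, brand: str = "vmware") -> List[Tuple[str, str, str]]:
    """Parse log lines and return (client, qname, reason) for each hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                     # skip lines that do not parse
        reason = classify(m["qname"], brand)
        if reason:
            hits.append((m["host"], m["qname"], reason))
    return hits


if __name__ == "__main__":
    for host, qname, reason in scan_log(SAMPLE_LOG):
        print(f"{host}\t{qname}\t{reason}")
```

The allow-list check runs first so that the brand's own hostnames never trip the heuristics; the edit-distance threshold of 2 is an assumption that catches single-character swaps and the common "rn" for "m" substitution, and should be tuned against your own false-positive rate.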