New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

December 13, 2024 at 04:45AM Researchers have identified a sophisticated Linux rootkit named PUMAKIT, capable of privilege escalation and evasion from detection. It uses multi-stage architecture, advanced stealth techniques, and hooks into system calls to conceal its presence while communicating with command-and-control servers. This highlights increasing malware complexity on Linux systems. **Meeting Takeaways from December … Read more

New stealthy Pumakit Linux rootkit malware spotted in the wild

December 12, 2024 at 05:38PM A newly discovered Linux rootkit malware, Pumakit, incorporates stealth and privilege escalation techniques. It consists of multiple components, including a dropper and kernel/userland rootkits. Discovered by Elastic Security, it targets older Linux kernels for espionage and theft, employing sophisticated infection methods and hiding capabilities from system tools and logs. ### … Read more

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

September 19, 2024 at 10:30AM A recent report by Group-IB researchers reveals that the cryptojacking operation TeamTNT has reappeared, targeting Virtual Private Server infrastructures using CentOS. The attack involves SSH brute force, malicious script uploads, and deploying the Diamorphine rootkit for concealing processes and establishing remote access. TeamTNT, active since 2019, has unveiled a new … Read more

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

August 19, 2024 at 03:15AM A critical privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock, tracked as CVE-2024-38193, was exploited by North Korean state-sponsored actor Lazarus Group. The flaw allowed unauthorized access to sensitive system areas and was addressed in Microsoft’s Patch Tuesday update. The attacks also involved the use of … Read more

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

June 20, 2024 at 01:49PM Threat actor UNC3886, suspected to be Chinese, uses open-source rootkits like ‘Reptile’ and ‘Medusa’ on VMware ESXi virtual machines to conduct credential theft, command execution, and lateral movement. Mandiant tracked UNC3886’s attacks on government organizations and revealed their recent use of rootkits, custom malware tools, and attacks targeting various industries … Read more

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

February 29, 2024 at 06:45AM Cybersecurity firm Avast reported that the North Korean group Lazarus exploited a Windows zero-day vulnerability, CVE-2024-21338, using a rootkit called FudModule for privilege escalation. Microsoft patched the flaw but initially did not list it as a zero-day. The attack aimed at evading detection and included a new variant of the … Read more

Redis Servers Targeted With New ‘Migo’ Malware

February 21, 2024 at 07:45AM New malware targets Redis servers with a user mode rootkit and cryptocurrency miners, bypassing security measures and deploying a Golang-based malware ‘Migo’. The attacks utilize persistence mechanisms, rootkit ‘libprocesshider’, and obfuscation to evade detection. Threat actors demonstrate evolving capabilities with both established and new techniques targeting Redis servers. Key takeaways … Read more

PurpleFox malware infected thousands of systems in Ukraine

February 1, 2024 at 12:15PM CERT-UA warns of the PurpleFox malware infecting over 2,000 Ukrainian computers with potential backdoor, DDoS, and downloader capabilities. It utilizes a rootkit to persist and conceal its presence. CERT-UA provides methods to detect and remove the malware, including checking network connections, registry values, event logs, and specific file locations, and … Read more