this post was submitted on 25 Feb 2025
cybersecurity

Between early November and December 2024, Palo Alto Networks researchers discovered new Linux malware called Auto-color. We chose this name based on the file name the initial payload renames itself to after installation.

The malware employs several methods to avoid detection, such as:

  • Using benign-looking file names for operating
  • Hiding remote command and control (C2) connections using an advanced technique similar to the one used by the Symbiote malware family
  • Deploying proprietary encryption algorithms to hide communication and configuration information

Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software.

This article will cover aspects of this new Linux malware, including installation, obfuscation and evasion features. We will also discuss its capabilities and indicators of compromise (IoCs), to help others identify this threat on their systems too.
