Stealthy Linux rootkit found in the wild after going undetected for 2 years

Krasue infects telecom firms in Thailand using techniques for staying under the radar.

  • @raspberriesareyummy · 90 points · 1 year ago

    Zero useful info: what is the attack vector / vulnerability exploited? Without that info, this is useless.

    • @[email protected] · 25 points · 1 year ago

      SELinux, grsecurity, containers, keep your system updated and don’t run random untrustworthy code.

      • @TrickDacy · 15 points · 1 year ago

        random untrustworthy code.

        Honestly, is there much code in the world which doesn’t meet this description? How do you propose we decide what is trustworthy? Every time I update my packages I’m getting possibly millions of new lines of code that I can’t possibly personally vet.

        • @[email protected] · 9 points · 1 year ago

          Keyword “random”. The code for the packages that shipped with your OS and for your user-installed utilities is generally ‘trusted’ code since you sought out the install. It’s not bulletproof, but it’s a good start vs. running any package that happens to land in your downloads folder.

          • @TrickDacy · -1 points · 1 year ago

            Well, it’s not always so cut and dried. For example, do I need to research the maker of an app that looks useful? I don’t think most people on Lemmy are the types to literally not care at all where software comes from, so I’m just trying to understand better how we can properly draw that line.

        • @pete_the_cat · 3 points · 1 year ago

          Those packages are vetted by multiple maintainers from different places; they’d all have to be in on it.

  • AutoTL;DR (bot) · 7 points · 1 year ago

    This is the best summary I could come up with:

    Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.

    Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian folklore “floating in mid-air, with no torso, just her intestines hanging from below her chin.” The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand and “poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network.”

    It then proceeds to hook the syscall, network-related functions, and file listing operations, thereby obscuring its activities and evading detection.

    Rootkits are a type of malware that hides directories, files, processes, and other evidence of its presence from the operating system it’s installed on.

    By hooking legitimate Linux processes, the malware is able to suspend them at select points and interject functions that conceal its presence.

    Intercepting the kill() syscall also allows the trojan to survive Linux commands attempting to abort the program and shut it down.

    The original article contains 288 words, the summary contains 192 words. Saved 33%. I’m a bot and I’m open source!
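The summary above says Krasue hides itself by hooking file-listing operations, which is exactly what tools such as ps and ls /proc rely on. A defender's counter-check that does not depend on directory listing is to probe every candidate PID directly and compare the result with what the listing returned. The script below is an added example written for this thread; it is not Group-IB's code or anything from the Ars article, and the sample PID sets in its docstring and test are constructed values, not real findings. Function names (read_pid_max, listed_pids, probed_pids, find_hidden_pids, scan_live) are my own.

```python
import os

PROC = "/proc"
FALLBACK_PID_MAX = 32768  # assumed default, used only when pid_max is unreadable


def read_pid_max(proc_root=PROC):
    """Upper bound for the brute-force probe, read from the kernel if possible."""
    try:
        with open(os.path.join(proc_root, "sys", "kernel", "pid_max")) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return FALLBACK_PID_MAX


def listed_pids(proc_root=PROC):
    """PIDs that a listing-based tool (ps, ls /proc) sees.

    This goes through the directory-listing path (getdents64), which is the
    path a rootkit that filters file listings can tamper with.
    """
    try:
        names = os.listdir(proc_root)
    except OSError:
        return set()
    return {int(n) for n in names if n.isdigit()}


def probed_pids(pid_max, proc_root=PROC):
    """PIDs found by stat()ing /proc/<pid> directly for every candidate.

    No directory listing is involved, so an entry filtered out of the listing
    but still present in procfs shows up here.
    """
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.stat(os.path.join(proc_root, str(pid)))
            found.add(pid)
        except OSError:
            pass
    return found


def find_hidden_pids(listed, probed):
    """Pure comparison: PIDs reachable by direct probe but absent from the listing.

    Constructed example: listed={1, 2, 1337}, probed={1, 2, 1337, 4242} -> [4242]
    """
    return sorted(set(probed) - set(listed))


def scan_live(proc_root=PROC):
    """Two-pass live scan of this host.

    A process that starts or exits while the probe runs would otherwise show up
    as a false positive, so a candidate is reported only if it was absent from
    the listing both before and after the probe and still exists afterwards.
    """
    before = listed_pids(proc_root)
    probed = probed_pids(read_pid_max(proc_root), proc_root)
    after = listed_pids(proc_root)
    candidates = find_hidden_pids(before | after, probed)
    confirmed = []
    for pid in candidates:
        still_there = os.path.isdir(os.path.join(proc_root, str(pid)))
        if still_there and pid not in listed_pids(proc_root):
            confirmed.append(pid)
    return confirmed


if __name__ == "__main__":
    hidden = scan_live()
    print("PIDs present in /proc but missing from its listing:", hidden or "none")
```

Run it as root so every /proc/<pid> entry is stat-able; on kernels where pid_max is several million the probe loop takes a while. The check uses stat() rather than kill(pid, 0) on purpose, since the summary notes Krasue intercepts kill(), and a clean result only means this particular listing path was not filtered: a rootkit that also hooks stat() on procfs entries would need a different cross-view (for example, comparing against network socket tables or a memory image).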

    • @[email protected] · 33 points · 1 year ago

      The most incredible part of this is it isn’t even a Linux flaw. The key to this exploit is downloading shit software, an issue that exists universally on any operating system (especially Windows).

      How to mitigate the risk? Don’t let your idiot user download malware.

    • @[email protected] · 13 points · 1 year ago

      I’m assuming this meme wasn’t meant all too serious by the poster (but judging by the downvotes quite a few people took it seriously).

      However, it’s not like Linux is magically immune to security vulnerabilities. It’d be foolish to think your system is invulnerable just because you’re using a Linux distribution.

      • @[email protected] · 9 points · 1 year ago

        Sadly, too many Linux users still believe there are no viruses on Linux.

        You can blame Apple’s marketing.

        • @eronth · 2 points · 1 year ago

          There’s also a large number of Linux users that act like it’s infinitely easy and complication-free.

          • @orrk · 1 point · 1 year ago

            With certain distros it is, now don’t expect that from all of them though.