New Linux/Windows Malware Allows Arbitrary Execution of Shell Commands
“Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines,” reports Bleeping Computer:
The malware dubbed ACBackdoor was developed by a threat group with experience in creating malicious tools for the Linux platform, judging from the higher complexity of the Linux variant, as Intezer security researcher Ignacio Sanmillan found. “ACBackdoor provides arbitrary execution of shell commands, arbitrary binary execution, persistence, and update capabilities,” the Intezer researcher found.
Both variants share the same command and control (C2) server, but the infection vectors they use to compromise their victims differ: the Windows version is being pushed through malvertising with the help of the Fallout Exploit Kit, while the Linux payload is dropped via a yet unknown delivery mechanism… Besides infecting victims via an unknown vector, the Linux malicious binary was detected by only one of the anti-malware scanning engines on VirusTotal at the time this article was published, while the Windows one was detected by 37 out of 70 engines. The Linux binary is also more complex and has additional malicious capabilities, even though it shares a similar control flow and logic with the Windows version…
ACBackdoor can receive info, run, execute, and update commands from the C2 server, allowing its operators to run shell commands, execute a binary, and update the malware on the infected machine.
The article warns that the Linux version will masquerade as the Ubuntu UpdateNotifier utility, renaming its process as the Linux kernel thread [kworker/u8:7-ev].
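The kernel-thread disguise described above is detectable from user space, because a genuine kworker thread is a child of kthreadd (PID 2), has no executable image behind /proc/<pid>/exe and has an empty /proc/<pid>/cmdline, whereas a renamed user-space process keeps its real parent and its exe link. The following Python script is an added example written for this page; it is not code from the Bleeping Computer or Intezer write-ups, and the process names, PIDs and paths in the sample records are constructed to illustrate the check, not observed indicators.

```python
"""Flag user-space processes that present a Linux kernel-thread name.

Added example (not part of the original article). The check relies on three
properties of real kernel threads: parent PID 2 (kthreadd), no readable
/proc/<pid>/exe link, and an empty /proc/<pid>/cmdline. A process that has
merely renamed itself (e.g. via prctl(PR_SET_NAME)) to look like
[kworker/u8:7-ev] fails at least one of these.
"""
import os
from dataclasses import dataclass
from typing import List, Optional

# Name prefixes that only kernel threads should carry (non-exhaustive).
KERNEL_THREAD_PREFIXES = ("kworker/", "ksoftirqd/", "migration/", "rcu_", "kswapd")


@dataclass
class ProcInfo:
    pid: int
    ppid: int
    comm: str            # /proc/<pid>/comm, the name ps shows (no brackets)
    exe: Optional[str]   # resolved /proc/<pid>/exe; None when there is no image
    cmdline: str         # /proc/<pid>/cmdline with NUL separators replaced by spaces


def looks_like_kernel_thread(name: str) -> bool:
    """ps wraps empty-cmdline names in [], so strip them before matching."""
    return name.strip("[]").startswith(KERNEL_THREAD_PREFIXES)


def is_masquerading(p: ProcInfo) -> bool:
    """True if the process claims a kernel-thread name but shows user-space traits."""
    if p.pid == 2 or not looks_like_kernel_thread(p.comm):
        return False
    if p.ppid != 2:          # real kworkers are always children of kthreadd
        return True
    if p.exe is not None:    # kernel threads have no executable image
        return True
    return bool(p.cmdline.strip())  # kernel threads have an empty cmdline


def find_masquerading(procs: List[ProcInfo]) -> List[int]:
    """Return the PIDs of all suspicious processes in the given snapshot."""
    return [p.pid for p in procs if is_masquerading(p)]


def read_proc_info(pid: int) -> Optional[ProcInfo]:
    """Collect ProcInfo for a live process from /proc (Linux only).

    Without privileges, readlink on another user's exe raises PermissionError;
    we treat that as 'no image', so the parent-PID rule still carries the check.
    """
    base = f"/proc/{pid}"
    try:
        with open(f"{base}/comm") as f:
            comm = f.read().strip()
        ppid = 0
        with open(f"{base}/status") as f:
            for line in f:
                if line.startswith("PPid:"):
                    ppid = int(line.split()[1])
                    break
        with open(f"{base}/cmdline", "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").decode(errors="replace")
        try:
            exe: Optional[str] = os.readlink(f"{base}/exe")
        except OSError:
            exe = None
        return ProcInfo(pid, ppid, comm, exe, cmdline)
    except OSError:
        return None  # process vanished or is not readable


def scan_live_system() -> List[int]:
    """Walk /proc and report PIDs that fail the kernel-thread consistency check."""
    infos = (read_proc_info(int(d)) for d in os.listdir("/proc") if d.isdigit())
    return find_masquerading([p for p in infos if p is not None])


# Constructed sample snapshot: one real kworker, one ordinary daemon, and one
# user-space process that renamed itself to a kworker-style name.
SAMPLE_PROCS = [
    ProcInfo(pid=100, ppid=2, comm="kworker/u8:7-ev", exe=None, cmdline=""),
    ProcInfo(pid=812, ppid=1, comm="sshd", exe="/usr/sbin/sshd", cmdline="/usr/sbin/sshd -D"),
    ProcInfo(pid=1234, ppid=1, comm="kworker/u8:7-ev", exe="/tmp/.cache/example-binary", cmdline=""),
]

if __name__ == "__main__":
    print("suspicious PIDs in sample snapshot:", find_masquerading(SAMPLE_PROCS))
    if os.path.isdir("/proc"):
        print("suspicious PIDs on this host:", scan_live_system())
```

The sample snapshot reports PID 1234 only: it carries a kworker name but has PID 1 as its parent and a readable executable, while the real kworker (PID 100) and sshd pass. On a live host, run the script as root so that every exe link is readable; cross-check any hit against its /proc/<pid>/maps and the parent process before acting on it.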