June 9 — A collaborative cyber security research initiative has led to the discovery of Symbiote, a new Linux malware type that’s almost impossible to detect. Researchers believe that it may have been developed for the purpose of targeting financial institutions in Latin America. It was first observed several months ago.
The Symbiote malware acquired its name on account of its “parasitic nature.” In contrast with typical Linux malware, which ordinarily attempts to compromise running processes, this malware is a shared object (SO) library that the dynamic loader injects into every running process via LD_PRELOAD.
In this “parasitic” way, the shared object library compromises target machines from inside their own processes. Once loaded, the malware provides the attackers with rootkit functionality.
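As an added example (not code from the article or from the researchers), the following defender-side check inspects the two places the glibc dynamic loader takes preload entries from, the /etc/ld.so.preload file and the LD_PRELOAD variable in each process's environment, and flags preloaded objects that live outside the usual system library directories; the trusted-directory list and the file paths are assumptions that may need adjusting per distribution.

```python
import glob

# Directories where legitimately preloaded objects normally live (assumption;
# adjust for the distribution in use).
TRUSTED_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")


def parse_preload_file(text: str) -> list[str]:
    """Parse /etc/ld.so.preload: whitespace-separated paths, '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(line.split())
    return entries


def parse_environ(blob: bytes) -> list[str]:
    """Extract LD_PRELOAD objects from a NUL-separated /proc/<pid>/environ blob.
    The loader accepts colon- or space-separated object names."""
    for item in blob.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            value = item[len(b"LD_PRELOAD="):].decode(errors="replace")
            return value.replace(":", " ").split()
    return []


def is_suspicious(path: str) -> bool:
    """Bare names (resolved through the library search path) and absolute paths
    outside the trusted directories are worth a closer look."""
    if not path.startswith("/"):
        return True
    return not any(path.startswith(d + "/") for d in TRUSTED_DIRS)


def scan_host() -> dict[str, list[str]]:
    """Collect suspicious preload entries from the live system, keyed by source."""
    findings = {}
    try:
        with open("/etc/ld.so.preload") as f:
            bad = [p for p in parse_preload_file(f.read()) if is_suspicious(p)]
        if bad:
            findings["/etc/ld.so.preload"] = bad
    except OSError:
        pass  # file absent: the normal state on a clean host
    for environ in glob.glob("/proc/[0-9]*/environ"):
        try:
            with open(environ, "rb") as f:
                bad = [p for p in parse_environ(f.read()) if is_suspicious(p)]
        except OSError:
            continue  # process exited, or its environment is not readable by us
        if bad:
            findings[environ] = bad
    return findings


if __name__ == "__main__":
    for source, objects in scan_host().items():
        print(f"{source}: {' '.join(objects)}")
```

Because LD_PRELOAD injection also applies to the process running this check, a library that hooks libc file and directory calls can hide these entries from it; results are only trustworthy from a statically linked tool or from an offline copy of the disk.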
According to researchers, the malware contains several interesting features. For instance, it leverages Berkeley Packet Filter (BPF) hooking, which is used to hide the malware’s own network traffic on an infected machine. BPF has previously been used in malware developed by the Equation Group.
The malware is new and considered very evasive. Researchers remain uncertain as to whether Symbiote is being deployed in targeted or broad attacks, if at all. One of the malware’s most ‘impressive’ facets is its stealth.