linux malware
New FASTCash malware Linux variant helps steal money from ATMs
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals. Previous variants of FASTCash targeted Windows and IBM AIX (Unix) systems, but a new report by security researcher HaxRob reveals a previously undetected Linux version that targets Ubuntu […]
Linux malware “perfctl” behind years-long cryptomining campaign
A Linux malware named “perfctl” has been targeting Linux servers and workstations for at least three years, remaining largely undetected through high levels of evasion and the use of rootkits. According to Aqua Nautilus researchers who discovered perfctl, the malware likely targeted millions of Linux servers in recent years and possibly caused infections in several […]
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named “Hadooken,” which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. The access obtained may also be used to execute ransomware attacks on Windows systems. Researchers at container security solution company Aqua Security observed such an attack on a […]
Stealthy ‘sedexp’ Linux malware evaded detection for two years
A stealthy Linux malware named ‘sedexp’ has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. The malware was discovered by risk management firm Stroz Friedberg, an Aon Insurance company, and enables its operators to create reverse shells for remote access and to further the the […]
VMware ESXi servers targeted by new Linux ransomware variant
A string of attacks on VMware ESXi servers were launched by the Play ransomware group, best known for its double-extortion tactics. In a July 19 blog post, Trend Micro researchers said most of the attacks have been concentrated in the United States. The researchers explained that the ransomware will first verify if it’s running on […]