Symbiote Linux Malware Attack – How to Delete in 2022?


A new Linux malware called Symbiote, which is nearly impossible to detect, has attacked Latin American financial sectors, and the threat actors behind it may have ties to Brazil. The meaning of the word Symbiote is to replicate. Venom is a fancy Hollywood example of a Symbiote.

Linux was once viewed as the most secure operating system. As computer science knowledge increases, malware attacks are on the rise.

What does this new Symbiote Linux Malware Do?

The Symbiote malware replicates itself into a Linux operating system and steals credentials that allow it to access victim machines remotely. It uses the Linux LD_PRELOAD mechanism to load itself into a machine’s running processes. According to researchers from the BlackBerry Research & Intelligence team and Intezer, Symbiote is unusual because it doesn’t use executable files. After infecting all the running processes, it provides rootkit functionality, credential harvesting, and remote access capabilities to the threat actor. The researchers do not know whether this malware is being used in targeted attacks or in larger-scale attack campaigns.

Symbiote Malware Detection?

New viruses are difficult to detect. However, researchers suggest network monitoring tools can identify malicious traffic and contaminated Linux systems.

Wireshark Network Analyzer

According to a blog post from BlackBerry, the virus has the functionality to hide network activity on the infected machine. It is likely that some endpoint tools can detect malicious changes on infected systems.
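Because the malware is loaded through LD_PRELOAD, one host-side check is to list every preload directive in effect. The following is an added example, not code from BlackBerry, Intezer or the original article: it reads the system-wide `/etc/ld.so.preload` file and each process's `environ` entry under `/proc`. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def split_preload(value):
    """Split a preload list; ld.so accepts spaces or colons as separators."""
    return [p for p in value.replace(":", " ").split() if p]

def audit_preload(proc_root="/proc", preload_file="/etc/ld.so.preload"):
    """Return (scope, where, library) for every preload directive found."""
    findings = []
    try:  # system-wide list, applied to every dynamically linked program
        with open(preload_file, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                for lib in split_preload(line.split("#", 1)[0]):  # '#' starts a comment
                    findings.append(("global", preload_file, lib))
    except OSError:
        pass  # an absent file is the normal case
    pids = sorted((d for d in os.listdir(proc_root) if d.isdigit()), key=int)
    for pid in pids:
        try:  # environ is a NUL-separated list of NAME=value entries
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                entries = fh.read().split(b"\0")
        except OSError:
            continue  # process exited or is not readable by this user
        for entry in entries:
            if entry.startswith(b"LD_PRELOAD="):
                value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
                findings += [("process", pid, lib) for lib in split_preload(value)]
    return findings

def constructed_tree():
    """Build a constructed /proc-like tree so the audit runs offline."""
    root = tempfile.mkdtemp()
    proc = os.path.join(root, "proc")
    samples = {"101": b"PATH=/usr/bin\0HOME=/root\0",
               "202": b"PATH=/usr/bin\0LD_PRELOAD=/tmp/constructed-a.so:/tmp/constructed-b.so\0"}
    for pid, environ in samples.items():
        os.makedirs(os.path.join(proc, pid))
        with open(os.path.join(proc, pid, "environ"), "wb") as fh:
            fh.write(environ)
    os.makedirs(os.path.join(proc, "self"))  # non-numeric entries are skipped
    preload = os.path.join(root, "ld.so.preload")
    with open(preload, "w") as fh:
        fh.write("# constructed entry\n/usr/lib/constructed-global.so\n")
    return proc, preload

if __name__ == "__main__":
    for finding in audit_preload(*constructed_tree()):
        print(finding)
```

Calling `audit_preload()` with no arguments as root inspects the live system. A userland rootkit loaded into the checking process can filter what the script sees, so an empty result on a suspect host is not proof of a clean one and should be compared with network-side findings.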

Symbiote Malware Deletion?

In network telemetry, we can detect viruses by reviewing anomalies in DNS requests. Anti-virus and endpoint detection and response (EDR) tools can prevent attacks on Linux systems affected by userland rootkits.

Is the Symbiote Linux virus impossible to delete?

Here is a report by BlackBerry and Intezer that discusses a combination of techniques. IT administrators should use these tools to enhance Linux security.

Some general ways to prevent viruses on your Linux system include:

  • Installing the ClamAV antivirus daemon on your Linux system
  • Using Wireshark to monitor network traffic
