HiddenWasp, a dangerous malware that affects Linux systems


Security researchers at Intezer Labs have discovered new malware aimed at the Linux ecosystem. The malware, named 'HiddenWasp', is deployed to control infected Linux systems.

Although this is not unusual, network security experts point out that security threats to Linux systems are not widely known.

Their main characteristic is that these kinds of security threats do not receive the same publicity as those affecting Windows systems.

HiddenWasp is a cybersecurity threat that needs to be addressed, since analysis concluded that it has a 0% detection rate in the most widely used malware detection systems in the world.

The malware was also built from large portions of code used in Mirai and the Azazel rootkit.

When the researchers found that these files were not detected by antivirus engines, it turned out that among the uploaded files was a bash script together with an embedded Trojan binary.

Likewise, antivirus solutions for Linux are not as robust as those for other platforms.

Therefore, attackers targeting Linux systems are not very concerned with implementing elaborate evasion techniques, because even when large amounts of code are reused, the threat can stay under the radar.

About HiddenWasp

HiddenWasp has unusual characteristics, because the malware is still active and has a zero detection rate across all major antivirus systems.

Unlike common Linux malware, HiddenWasp does not focus on crypto mining or DDoS activity. It is a purely targeted remote-control Trojan.

The evidence points to a high probability that the malware is used in targeted attacks against victims who are already under the attacker's control, or who have undergone heavy reconnaissance.

The authors of HiddenWasp adopted a large amount of code from various publicly available malicious programs, such as Mirai and the Azazel rootkit.

There are also similarities between this malware and other Chinese malware families; however, attribution is made with low confidence.

During the analysis, the researchers found that the script relies on the use of a user named 'sftp' with a strong password.

The script also cleans the system to remove earlier versions of the malware in case an infection had occurred previously.

After that, a file containing all the components, including the Trojan and the rootkit, is downloaded to the compromised machine from the server.

The script also adds the Trojan binary to /etc/rc.local so that it keeps running even after a reboot.

Experts from the International Institute of Cyber Security (IICS) found many similarities between the HiddenWasp rootkit and the Azazel malware, as well as code fragments shared with the ChinaZ malware and the Mirai botnet.

The experts added: "Thanks to HiddenWasp, hackers can run Linux commands, manage files, download additional scripts, and more."

Although the investigation has produced some findings, experts still do not know the attack vector the intruders use to infect Linux systems, although one possible path is that the attackers deployed the malware from other systems already under their control.

The experts concluded that "HiddenWasp may be the second stage of another attack."

How can I prevent it, or know whether my system is affected?

To check whether a system is infected, look for the "ld.so" files. If any of these files does not contain the string '/etc/ld.so.preload', the system may be compromised.

This is because the Trojan implant tries to patch instances of ld.so in order to enforce the LD_PRELOAD mechanism from unauthorized locations.

To prevent infection, the following IP addresses and URLs must be blocked:
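The two host-side checks the article describes, the missing '/etc/ld.so.preload' string in the dynamic loader and the persistence entry in /etc/rc.local, as a POSIX shell script. This is an added example, not code from the original article or from Intezer; the default loader glob paths and the "active line" filter for rc.local are assumptions.

```shell
#!/bin/sh
# Added example, not code from the article or from Intezer: defender-side checks for
# the two artifacts described above. (1) A clean dynamic loader (ld.so) contains the
# literal string "/etc/ld.so.preload"; a loader patched by the trojan lacks it.
# (2) The dropper adds its binary to /etc/rc.local, so any active line there is
# worth reviewing. Paths are passed in so the checks can also run against copies.

# Return 0 if the file still references /etc/ld.so.preload, 1 if the string is
# absent (suspicious), 2 if the path is not a readable file.
ldso_check_one() {
    f="$1"
    [ -r "$f" ] || return 2
    # -a treats the binary as text, -F matches the literal string.
    grep -q -a -F '/etc/ld.so.preload' "$f" && return 0
    return 1
}

# Check each loader given as an argument (default: the usual locations, an
# assumption). Prints a verdict per file; returns 1 if any loader looks patched.
ldso_preload_check() {
    rc=0
    if [ "$#" -eq 0 ]; then
        set -- /lib/ld-linux*.so* /lib64/ld-linux*.so* /lib/*/ld-linux*.so* /lib/ld-musl*.so*
    fi
    for f in "$@"; do
        [ -e "$f" ] || continue          # skip unmatched glob patterns
        ldso_check_one "$f" && r=0 || r=$?
        case $r in
            0) echo "OK         $f references /etc/ld.so.preload" ;;
            1) echo "SUSPICIOUS $f lacks /etc/ld.so.preload (possibly patched)"; rc=1 ;;
            *) echo "SKIP       $f is not readable" ;;
        esac
    done
    return $rc
}

# Print the active lines of an rc.local file (the persistence location named in
# the article): everything except comments, blank lines and the final "exit 0".
rc_local_entries() {
    [ -r "$1" ] || return 0
    grep -v -E '^[[:space:]]*(#|$|exit[[:space:]]+0[[:space:]]*$)' "$1" || true
}
```

Run `ldso_preload_check` with no arguments on a live host to inspect the installed loaders, and `rc_local_entries /etc/rc.local` to list what would start at boot.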

103.206.123[.]13
103.206.122[.]245
http://103.206.123[.]13:8080/system.tar.gz
http://103.206.123[.]13:8080/configUpdate.tar.gz
http://103.206.123[.]13:8080/configUpdate-32.tar.gz

Source: https://www.intezer.com/



  1.   Erna said:

    Shouldn't the sudo password have to be known??? This note is half-baked.

  2.   Claudio Guendelman said:

    I don't know whether he worked for an antivirus company, but a TXT or an SH does not live on its own... I don't believe anything in this article.