Symbiote: Linux malware that uses sophisticated techniques to hide itself and steal credentials

Many users of Linux-based operating systems hold the mistaken belief that "there are no viruses on Linux", and even cite its greater security to justify their love for their chosen distribution, and the reasoning is obvious, since talking about "viruses" on Linux is practically "taboo"...

Over the years this has changed, as news of malware discovered on Linux has become more frequent, above all about how sophisticated these samples have become at hiding and, most of all, at keeping their persistence on an infected system.

The reason for bringing this up is that a few days ago a new piece of malware was discovered, and the interesting thing is that it infects Linux systems and uses sophisticated techniques to hide itself and steal credentials.

Those who discovered this malware were BlackBerry researchers, and they named it "Symbiote". Previously undetected, it acts parasitically, since it needs to infect other running processes to cause damage on infected machines.

Symbiote, first discovered in November 2021, was initially written to target the financial sector in Latin America. After a successful infection, Symbiote hides itself and any other deployed malware, which makes infections very hard to detect.

Malware targeting Linux systems is nothing new, but the stealth techniques Symbiote uses make it stand out. The linker loads the malware through the LD_PRELOAD directive, which lets it be loaded before any other shared object. Because it is loaded first, it can "hijack the imports" of the other library files loaded for the application. Symbiote uses this to hide its presence on the machine.

"Since the malware operates as a user-level rootkit, detecting an infection can be difficult," the researchers conclude. "Network telemetry can be used to detect anomalous DNS requests, and security tools such as antivirus and endpoint detection and response must be statically linked to ensure they are not 'infected' by user-level rootkits."
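As an added defensive example (not code from this article or from BlackBerry's report), the script below looks for the LD_PRELOAD mechanism described above, in /etc/ld.so.preload and in the environment of running processes, and checks whether a given ELF binary is dynamically linked, which is what makes a tool hookable and why the researchers recommend statically linked security tools. It assumes a Linux /proc layout and ELF64 binaries; the function names are my own.

```python
import os
import struct
from pathlib import Path

PT_INTERP = 3  # program-header type naming the dynamic loader (ld.so)

def parse_ld_so_preload(text):
    """Shared objects listed in /etc/ld.so.preload (':'/space separated, '#' comments)."""
    paths = []
    for line in text.splitlines():
        paths += line.split("#", 1)[0].replace(":", " ").split()
    return paths

def ld_preload_from_environ(environ):
    """LD_PRELOAD value from a NUL-separated /proc/<pid>/environ blob, or None."""
    for entry in environ.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            return entry[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None

def elf_is_dynamic(data):
    """True if an ELF64 image has a PT_INTERP header: it is dynamically linked
    and hookable via LD_PRELOAD. Statically linked tools have no PT_INTERP."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:  # ELFCLASS64 only
        return False
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    return any(struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0] == PT_INTERP
               for i in range(e_phnum))

def scan_live_host(proc="/proc", preload="/etc/ld.so.preload"):
    """Collect LD_PRELOAD evidence from a running Linux host.
    Caveat: a user-level rootkit hooking libc can hide these very files from this
    dynamically linked interpreter, so only a positive result is conclusive;
    use statically linked tooling or an offline disk image to trust a negative."""
    findings = []
    try:
        findings += [(preload, p) for p in parse_ld_so_preload(Path(preload).read_text())]
    except OSError:
        pass  # file absent (the clean default) or unreadable
    pids = [p for p in os.listdir(proc) if p.isdigit()] if os.path.isdir(proc) else []
    for pid in pids:
        try:
            val = ld_preload_from_environ(Path(proc, pid, "environ").read_bytes())
        except OSError:
            continue  # process exited, or environ needs higher privileges
        if val:
            findings.append((f"{proc}/{pid}/environ", val))
    return findings
```

Run `scan_live_host()` as root to see every process's environment, and `elf_is_dynamic(Path("/path/to/tool").read_bytes())` to confirm that a security tool really is statically linked before trusting its output.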

Once Symbiote has infected all running processes, it gives the threat actor rootkit functionality, the ability to harvest credentials, and remote access capability.

An interesting technical aspect of Symbiote is its Berkeley Packet Filter (BPF) filtering functionality. Symbiote is not the first Linux malware to use BPF. For example, an advanced backdoor attributed to the Equation Group used BPF for covert communications. Symbiote, however, uses BPF to hide malicious network traffic on an infected machine.

When an administrator starts a packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets are to be captured. During this process, Symbiote first adds its own bytecode so that it can filter out the network traffic it does not want the packet capture software to see.

Symbiote can also hide its network activity using several different techniques. This cover is ideal for letting the malware obtain credentials and give the threat actor remote access.

The researchers explain why it is so hard to detect:

Once the malware has infected a machine, it hides itself, along with any other malware used by the attacker, making infections very hard to detect. A live forensic analysis of an infected machine may turn up nothing, since the malware hides all files, processes, and network artifacts. In addition to the rootkit capability, the malware provides a backdoor that lets the threat actor log in as any user on the machine with a hardcoded password and execute commands with the highest privileges.

Because it is extremely evasive, a Symbiote infection can "fly under the radar." Through our investigation, we have not found enough evidence to determine whether Symbiote is being used in highly targeted or broad attacks.

Finally, if you are interested in learning more about it, you can check the details at the following link.



  1. Newbie said:

    As always, another "threat" to GNU/Linux where they do not say how it gets installed to infect the host system.

  2. Newbie said:

    As always, another "threat" to GNU/Linux where they do not explain how the host system gets infected by the malware.

    1. darkcrizt said:

      Hello, regarding what you say, every bug or risk that is found has a disclosure process from the moment it is made public: the developer or project is notified, a grace period is given to fix it, the news is published, and finally, if necessary, the exploit or method that demonstrates the flaw is released.