Linux long had a reputation for being free of viruses and malware. In recent years, however, cybercriminals have shown that they can gain access to Linux systems and attack them with malware and ransomware. With Symbiote, they have reached a new level: a malware that, in the best style of agent 007, achieves its objectives stealthily. Learn more by reading the rest of the article.
Symbiote’s targets are financial institutions in Latam
Symbiote is a virtually undetectable Linux malware, discovered and named by cybersecurity firms BlackBerry and Intezer. This malware also acts as a parasite as it hides inside the system and running processes to drain the target’s resources.
It is believed that the developers of this malware began their work in November of last year, with very clear targets: financial organizations in Latin America, which may include banks of the stature of Banco do Brasil and Caixa. As the researchers told The Hacker News:
“Symbiote’s main objective is to capture credentials and to facilitate backdoor access to a victim’s machine,” researchers Joakim Kennedy and Ismael Valenzuela said. “What makes Symbiote different from other Linux malware is that it infects running processes rather than using a standalone executable file to inflict damage.”
Symbiote abuses a native Linux feature called LD_PRELOAD, so that the dynamic linker loads it into all running processes. The malware can also cloak its network traffic by using the extended Berkeley Packet Filter (eBPF) feature. It has also been observed storing captured credentials in encrypted form, in files that are later disguised as C header files.
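Because the loading mechanism described above is LD_PRELOAD, a defender can audit both places a preload can be declared: the system-wide /etc/ld.so.preload file and the LD_PRELOAD variable in each process environment. The following Python sketch is an added example, not code from BlackBerry, Intezer or this blog; the library paths, PIDs and the allowlisted agent are constructed sample values, and it runs against a fake /proc tree so it works offline.

```python
import os
import re
import tempfile
SEP = re.compile(r"[\s:]+")  # entries are separated by whitespace or colons

def preload_entries(text, strip_comments=False):
    """Split an LD_PRELOAD value or an ld.so.preload body into library paths."""
    if strip_comments:  # only the file form allows '#' comments
        text = " ".join(ln.split("#", 1)[0] for ln in text.splitlines())
    return [p for p in SEP.split(text) if p]

def read(path, mode="r"):
    try:
        with open(path, mode) as fh:
            return fh.read()
    except OSError:  # process exited, or no permission
        return b"" if "b" in mode else ""

def scan(proc_root="/proc", preload_file="/etc/ld.so.preload", allow=()):
    """Return (source, library, mapped) for every preload not in allow."""
    found = {(preload_file, lib, None)
             for lib in preload_entries(read(preload_file), True) if lib not in allow}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        maps = read(os.path.join(base, "maps"))
        for var in read(os.path.join(base, "environ"), "rb").split(b"\0"):
            if var.startswith(b"LD_PRELOAD="):
                for lib in preload_entries(var[11:].decode(errors="replace")):
                    if lib not in allow:  # mapped: is it in the address space?
                        found.add((f"pid {pid}", lib, lib in maps))
    return sorted(found, key=lambda f: (f[0], f[1]))

def build_sample(root):
    """Write a constructed fake /proc tree and ld.so.preload under root."""
    files = {
        "etc/ld.so.preload": "# constructed sample\n/lib/libexample_hook.so\n",
        "proc/101/environ": "PATH=/usr/bin\0LD_PRELOAD=/tmp/x.so:/opt/apm/agent.so\0",
        "proc/101/maps": "7f00-7f01 r-xp 00000000 08:01 42 /tmp/x.so\n",
        "proc/202/environ": "PATH=/usr/bin\0HOME=/root\0",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(root, "proc"), os.path.join(root, "etc", "ld.so.preload")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(*build_sample(tmp), allow={"/opt/apm/agent.so"}))
```

A preloaded library also runs inside the interpreter performing this check, so on a suspect host the results are more trustworthy when the disk image or a /proc snapshot is examined from a known-clean system.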
There is still a lot to learn about Symbiote, but work is already underway to prevent attacks with major repercussions on the Latam economy. More information on this is expected very soon.
Photo by ArthurHidden on freepik