New stealthy OrBit malware steals data from Linux devices


New malware has been found on Linux operating systems that steals all the user data and clears it. Dubbed OrBit by security researchers at Intezer Labs, who first discovered it, this malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices. While it can gain persistence by using two different methods to block deletion attempts, OrBit can also be deployed as a volatile implant when copied into shim-memory.
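A defender can look for this kind of LD_PRELOAD hijacking by reading each process's environment and flagging preloaded libraries that live outside the normal library directories. The script below is an added example, not code from Intezer or from the malware; the trusted-directory list and the sample environment are constructed assumptions.

```python
import os

# Directories where preloaded libraries normally live (assumption for this
# example; tune per distribution). Anything outside them is flagged.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

# Constructed sample of a raw /proc/<pid>/environ blob (NUL-separated entries).
SAMPLE_ENVIRON = (b"PATH=/usr/bin\0"
                  b"LD_PRELOAD=/tmp/libexample.so /usr/lib/libfoo.so\0HOME=/root\0")


def preload_entries(environ_bytes):
    """Return the libraries named by LD_PRELOAD in a raw environ blob."""
    for item in environ_bytes.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            value = item[len(b"LD_PRELOAD="):].decode("utf-8", "replace")
            # The dynamic linker accepts both spaces and colons as separators.
            return [p for p in value.replace(":", " ").split() if p]
    return []


def is_suspicious(path):
    """Flag relative paths and libraries outside the trusted directories."""
    return not os.path.normpath(path).startswith(TRUSTED_DIRS)


def scan_processes(proc_root="/proc"):
    """Return sorted (pid, library) pairs for suspicious preloads in readable processes."""
    findings = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, name, "environ"), "rb") as fh:
                blob = fh.read()
        except OSError:
            continue  # process exited, or we lack permission to read it
        findings += [(int(name), lib) for lib in preload_entries(blob)
                     if is_suspicious(lib)]
    return sorted(findings)


if __name__ == "__main__":
    print("constructed sample:",
          [lib for lib in preload_entries(SAMPLE_ENVIRON) if is_suspicious(lib)])
    if os.path.isdir("/proc"):
        for pid, lib in scan_processes():
            print(f"pid {pid}: LD_PRELOAD loads {lib}")
```

Run it as root so every process's environment is readable. Because this malware hooks library functions on the infected host, output from a tool running on that host can be filtered, so a clean result should be confirmed from trusted media or an offline disk image.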


How does it work?

It destroys all the system data. The malware differs from similar threats in its "almost airtight connection" of libraries to targeted machines, which allows it to gain persistence and evade detection while stealing information and setting up SSH backdoors. "Malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, providing threat actors with remote access capabilities via SSH, harvesting credentials, and registering TTY commands," Fishbein wrote in the post.
