Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.os.linux > #81072
| From | "J.O. Aho" <user@example.net> |
|---|---|
| Newsgroups | alt.os.linux |
| Subject | Re: What do you make of this reported Linux back door? |
| Date | 2025-02-28 18:00 +0100 |
| Message-ID | <m2e8dcFsotdU1@mid.individual.net> (permalink) |
| References | <vprpii$1qo1r$1@news.usenet.ovh> |
On 28/02/2025 08.45, Hank wrote: > https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/ > > Between early November and December 2024, Palo Alto Networks researchers > discovered new Linux malware called Auto-color. We chose this name based on > the file name the initial payload renames itself after installation. > > The malware employs several methods to avoid detection, such as: > > Using benign-looking file names for operating > Hiding remote command and control (C2) connections using an advanced > technique similar to the one used by the Symbiote malware family > Deploying proprietary encryption algorithms to hide communication and > configuration information > Once installed, Auto-color allows threat actors full remote access to > compromised machines, making it very difficult to remove without > specialized software. As Carlos and John has already pointed out, you need to execute a binary (or script) and it's self inflicted, don't install anything you can't install from your distros repository unless you really know what you are doing. -- //Aho
Back to alt.os.linux | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
What do you make of this reported Linux back door? Hank <hankrobins@notspam.uk> - 2025-02-28 08:45 +0100
Re: What do you make of this reported Linux back door? "Carlos E.R." <robin_listas@es.invalid> - 2025-02-28 13:06 +0100
Re: What do you make of this reported Linux back door? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-02 00:38 +0000
Re: What do you make of this reported Linux back door? John Hasler <john@sugarbit.com> - 2025-02-28 08:09 -0600
Re: What do you make of this reported Linux back door? "J.O. Aho" <user@example.net> - 2025-02-28 18:00 +0100
Re: What do you make of this reported Linux back door? Adrian Caspersz <email@here.invalid> - 2025-03-04 18:29 +0000
Re: What do you make of this reported Linux back door? "J.O. Aho" <user@example.net> - 2025-03-04 22:51 +0100
Re: What do you make of this reported Linux back door? "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 00:05 +0100
csiph-web