Re: What do you make of this reported Linux back door?

From "Carlos E.R." <robin_listas@es.invalid>
Newsgroups alt.os.linux
Subject Re: What do you make of this reported Linux back door?
Date 2025-02-28 13:06 +0100
Message-ID <ifl89lxv1v.ln2@Telcontar.valinor>
References <vprpii$1qo1r$1@news.usenet.ovh>

On 2025-02-28 08:45, Hank wrote:
> https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/
> 
> Between early November and December 2024, Palo Alto Networks researchers
> discovered new Linux malware called Auto-color. We chose this name based on
> the file name the initial payload renames itself after installation.
> 
> The malware employs several methods to avoid detection, such as:
> 
> - Using benign-looking file names for operating
> - Hiding remote command and control (C2) connections using an advanced
>   technique similar to the one used by the Symbiote malware family
> - Deploying proprietary encryption algorithms to hide communication and
>   configuration information
>
> Once installed, Auto-color allows threat actors full remote access to
> compromised machines, making it very difficult to remove without
> specialized software.


The important information, which is how it initially enters a machine,
is missing. It seems to be root running an infected executable.

-- 
Cheers, Carlos.


Thread

What do you make of this reported Linux back door? Hank <hankrobins@notspam.uk> - 2025-02-28 08:45 +0100
  Re: What do you make of this reported Linux back door? "Carlos E.R." <robin_listas@es.invalid> - 2025-02-28 13:06 +0100
    Re: What do you make of this reported Linux back door? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-02 00:38 +0000
  Re: What do you make of this reported Linux back door? John Hasler <john@sugarbit.com> - 2025-02-28 08:09 -0600
  Re: What do you make of this reported Linux back door? "J.O. Aho" <user@example.net> - 2025-02-28 18:00 +0100
    Re: What do you make of this reported Linux back door? Adrian Caspersz <email@here.invalid> - 2025-03-04 18:29 +0000
      Re: What do you make of this reported Linux back door? "J.O. Aho" <user@example.net> - 2025-03-04 22:51 +0100
        Re: What do you make of this reported Linux back door? "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 00:05 +0100
