WolfsBane infiltrates targets through a dropper called “cron” that disguises the installer as a KDE desktop component. It can disable SELinux, change user configuration, and create persistent system services. The backdoor component ‘udevd’ loads encrypted libraries to facilitate command and control (C2) communication. Experts say the modified BEURK rootkit is used to hide malicious processes and network activity.
This development underlines the increasing trend of hackers shifting their focus to Linux due to increased Windows security; Threats increasingly target Linux platforms, especially those that access the Internet.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
