Linux Blamed for Everything (Even Unpatched Systems, Years-Old CVEs)
-
Gray Dot Media Group ☛ New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms [Ed: They cannot even explain what software carries this onto "Linux"; they just blame "Linux". Microsoft is desperate to "dismantle" the argument "Linux is more secure", even if that means attributing to "Linux" everything that isn't.]
This embedded rootkit can hook key system calls like kill(), network-related functions, and file listing operations to effectively mask its presence and evade detection. Researchers believe that this RAT was created by the same person who developed the XorDdos Linux Trojan or someone who has access to its source code.
-
Bleeping Computer ☛ Krasue RAT malware hides on Linux servers using embedded rootkits [Ed: The issue here is not "Linux" but something that runs on top of it and gets exploited]
It is unclear how the malware is being distributed but it could be delivered after exploiting a vulnerability, following a credential brute force attack, or even downloaded from an untrusted source as a package or binary impersonating a legitimate product.
-
Dark Reading ☛ Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms [Ed: It took years to detect this. And they don't know the culprit or still cannot name it, so by default, blame "Linux"]
A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal.
-
Hacker News ☛ New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand [Ed: It infests some servers that run "Linux", but it comes from somewhere else. Like any time proprietary VMware has a truly major hole and then VMware (and media it pays) rushes to blame "Linux"...]
This has raised the possibility that Krasue is either deployed as part of a botnet or sold by initial access brokers to other cybercriminals, such as ransomware affiliates, who are looking to obtain access to a specific target.
-
New Krasue Linux RAT targets telecom companies in Thailand [Ed: They need to specify if that gets installed due to outdated libraries, or perhaps bad passwords, or some proprietary stuff that's not GNU/Linux]
Group-IB researchers discovered a previously undetected Linux remote access trojan called Krasue has been employed in attacks aimed at telecom companies in Thailand.
The Krasue Remote Access Trojan (RAT) has remained undetected since at least 2021 when it was registered on Virustotal. The name “Krasue” comes from the Thai name of a nocturnal native spirit known throughout Southeast Asian folklore.
-
Krasue’s curse: Group-IB discovers new Linux Remote Access Trojan targeting companies in Thailand
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has discovered a new Linux Remote Access Trojan (RAT) that has been leveraged by cybercriminals looking to stealthily maintain access to the networks of targeted companies, which were exclusively based in Thailand. This Trojan, which has been named Krasue by Group-IB’s Threat Intelligence unit as a nod to the Thai name of a nocturnal native spirit known throughout Southeast Asian folklore, has been active since at least 2021, although it remained under the radar for a significant period of time. At this stage, Group-IB researchers can confirm that Krasue was used against telecommunications companies in Thailand, although it has likely been part of attacks against organizations in other verticals.
-
Cyber Security News ☛ SnappyTCP – Reverse Shell for Linux/Unix Systems With C2 Capabilities [Ed: This one at least specifies which very old flaws are being exploited (unpatched systems)]
Cybersecurity researchers at PwC recently discovered a reverse TCP shell for Linux or Unix systems with C2 capabilities while analyzing one of the malware samples of Teal Kurma (a.k.a. Sea Turtle, Marbled Dust, Cosmic Wolf) dubbed ‘SnappyTCP’.
Update
Some more on this:
-
'Krasue' Linux RAT Targets Organizations in Thailand [Ed: The issue is not Linux. They found this on Linux but cannot explain how it got there.]
Hackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say.
-
Thai telecoms’ Linux systems subjected to Krasue RAT compromise [Ed: The issue here is not Linux; the target is]
BleepingComputer reports that telecommunications firms in Thailand had their Linux systems stealthily compromised with the Krasue remote access trojan, which sought persistent host access, since 2021.
Details regarding Krasue RAT's distribution method remain unclear, but the malware had seven different kernel-level rootkit variants within its binary, one of which spoofs an unsigned VMware driver, a report from Group-IB revealed. Similar system call and function call hooking features were discovered across all rootkit variants, which were based on the open-source Diamorphine, Rooty, and Suterusu rootkits.
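Both the first item above and this Group-IB summary describe the rootkit masking itself by hooking the kernel's file-listing path (alongside kill() and network functions). The following Python check is an added example, not code from any of the cited reports or from Group-IB: it compares what a directory listing of /proc returns with a direct per-PID lookup, so a hook that only filters the listing shows up as a mismatch. All function names here are the example's own.

```python
import os
from typing import Callable, Iterable, Set

def find_hidden_pids(listed: Iterable[int], pid_exists: Callable[[int], bool],
                     pid_range: Iterable[int]) -> Set[int]:
    """Return PIDs that a direct probe confirms but a directory listing omits.

    A rootkit that filters /proc by hooking the directory-listing path can
    drop entries from `listed`; `pid_exists` probes each PID by path, which
    that hook alone does not intercept. Assumed helper, not vendor tooling.
    """
    visible = set(listed)
    return {pid for pid in pid_range if pid not in visible and pid_exists(pid)}

def proc_listing() -> Set[int]:
    # What readdir() reports: the view a getdents-style hook can manipulate.
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def proc_entry_exists(pid: int) -> bool:
    # Direct lookup of /proc/<pid>; a permission error still proves it is there.
    try:
        os.stat(f"/proc/{pid}")
        return True
    except FileNotFoundError:
        return False
    except PermissionError:
        return True

def read_pid_max(default: int = 32768) -> int:
    # Upper bound of the PID space on this host; fall back if unreadable.
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default

def scan_live_system() -> Set[int]:
    # Two passes so a process that starts or exits mid-scan is not reported.
    first = find_hidden_pids(proc_listing(), proc_entry_exists,
                             range(1, read_pid_max() + 1))
    relisted = proc_listing()
    return {pid for pid in first if pid not in relisted and proc_entry_exists(pid)}

if __name__ == "__main__":
    hidden = scan_live_system()
    if hidden:
        print("PIDs present in /proc but missing from its listing:", sorted(hidden))
    else:
        print("no listing/probe mismatch found")
```

A variant that also hooks the path-lookup or stat side of /proc would pass this check, so treat a clean result as one signal, not proof of absence.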
-
Stealthy Linux rootkit found in the wild after going undetected for 2 years [Ed: But Linux is not the culprit here]
Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.
Newer one:
-
A whole new kind of Linux malware has been found in the wild
The newly uncovered Linux Remote Access Trojan (RAT), Krasue, was first registered on Virustotal, and has since been targeting primarily telecommunications companies in Thailand.