Security Leftovers
-
Security Week ☛ Leader of North Korean Hackers Sanctioned by EU
The EU has announced new sanctions against entities aiding Russia’s war against Ukraine, including an individual who leads North Korean hackers.
-
Hacker News ☛ LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram.
LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in 2020, targeting users in Hong Kong.
This includes Wi-Fi network information, screenshots, location, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, and SMS messages, and data from various apps like Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp.
-
Palo Alto Networks ☛ Auto-Color: An Emerging and Evasive Linux Backdoor [Ed: "Linux Backdoor" is clickbait and misleading]
-
Bleeping Computer ☛ New Auto-Color Linux backdoor targets North American govts, universities [Ed: They call it "Linux backdoor", but that's misleading; it's some malicious software one is tricked into adding or gets in via some hole not related to Linux]
Unit 42 suggests monitoring changes to '/etc/ld.preload,' which is a key persistence mechanism, checking '/proc/net/tcp' for output anomalies, and using behavior-based threat detection solutions.
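As an added defender-side example (not code from Unit 42, BleepingComputer or this digest), the following Python decodes /proc/net/tcp rows, which the kernel prints as host-order hex, flags established connections whose remote port is outside an assumed allow-list, and lists preload entries; it checks both the path named above and the glibc loader's /etc/ld.so.preload. The sample socket table and the allow-list are constructed, and the address decoding assumes a little-endian host.

```python
import socket
from pathlib import Path

# Constructed sample of /proc/net/tcp: a listener on 0.0.0.0:22 and a
# user-owned established connection from 127.0.0.1:40000 to 203.0.113.5:4444.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:9C40 057100CB:115C 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
              "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
              "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}

# Paths to check: the one named in the article and the glibc loader's actual file.
PRELOAD_PATHS = ("/etc/ld.preload", "/etc/ld.so.preload")

def decode_endpoint(hex_pair):
    """'057100CB:115C' -> ('203.0.113.5', 4444); little-endian host assumed (bytes reversed)."""
    addr_hex, port_hex = hex_pair.split(":")
    return socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1]), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return one dict per socket row (header line skipped)."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": decode_endpoint(f[1]), "remote": decode_endpoint(f[2]),
                     "state": TCP_STATES.get(f[3], f[3]), "uid": int(f[7]), "inode": int(f[9])})
    return rows

def unexpected_connections(rows, allowed_remote_ports=frozenset({80, 443})):
    """Established sockets whose remote port is outside the (assumed, constructed) allow-list."""
    return [r for r in rows
            if r["state"] == "ESTABLISHED" and r["remote"][1] not in allowed_remote_ports]

def preload_entries(paths=PRELOAD_PATHS):
    """Non-comment lines from whichever preload file exists; [] means nothing is preloaded."""
    found = []
    for p in map(Path, paths):
        if p.is_file():
            found += [ln.strip() for ln in p.read_text().splitlines()
                      if ln.strip() and not ln.lstrip().startswith("#")]
    return found
```

On a live host, feed `Path("/proc/net/tcp").read_text()` to `parse_proc_net_tcp` and compare the result with `ss -tan`; a socket the kernel table shows but `ss` does not is the kind of anomaly the article refers to.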
-
Endeavor Business Media LLC ☛ Seal Security launches Seal OS to target and repair Linux vulnerabilities
Seal OS delivers long-term support for a wide range of Linux distributions, encompassing Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Alpine and more.
-
Beta News ☛ New solution automates fixing Linux vulnerabilities
Update
More of the same:
-
Security Week ☛ New ‘Auto-Color’ GNU/Linux Malware Targets North America, Asia
New Linux malware named Auto-Color, which allows full remote access to compromised devices, targets North America and Asia.
-
Attacks with novel Auto-Color Linux backdoor deployed in North America, Asia
BleepingComputer reports that North American and Asian government entities and universities have been subjected to intrusions involving the new evasive Auto-Color Linux backdoor from November to December.
Attacks commenced with the execution of seemingly harmless files that install an evasive library before renaming the malicious payload to Auto-Color in instances when root privileges are available while malware injection without persistence occurs in the absence of root access, according to a report from the Palo Alto Networks Unit 42 threat intelligence team.
-
Hacker News ☛ New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42.
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software," security researcher Alex Armstrong said in a technical write-up of the malware.
-
TechRadar ☛ A new Linux backdoor is hitting US universities and governments
Universities and government offices in North America and Asia are being targeted by a brand new Linux backdoor called “Auto-color”, experts have claimed.