Date: 2025-07-30 | news
Linux Fear, Uncertainty, Doubt (FUD): Blaming the Wrong Things on "Linux"
Bleeping Computer ☛ Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware [Ed: The issue here is proprietary software from SAP, not Linux]
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.
Cybersecurity firm Darktrace discovered the attack during an incident response in April 2025, where an investigation revealed that the Auto-Color malware had evolved to include additional advanced evasion tactics.
Darktrace reports that the attack started on April 25, but active exploitation occurred two days later, delivering an ELF (Linux executable) file onto the targeted machine.
The Auto-Color malware was first documented by Palo Alto Networks' Unit 42 researchers in February 2025, who highlighted its evasive nature and difficulty in eradicating once it has established a foothold on a machine.
The backdoor adjusts its behavior based on the user privilege level it runs from, and uses 'ld.so.preload' for stealthy persistence via shared object injection.
Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion [Ed: They try to blame "Linux" for proprietary software that has nothing to do with Linux]
Trend Micro ☛ Gunra Ransomware Group Unveils Efficient Linux Variant [Ed: Presenting a Windows issue as "Linux"]
This blog explores the technical details, implications, and what we know so far about the newly discovered Gunra ransomware Linux variant. Details on the ransomware group’s initial access and propagation techniques will be added in later updates as they become available.