Sequretek Advisory - Linux Malware Symbiote

Researchers discovered a new malware named Symbiote that infects Linux systems and is difficult to detect.

• Researchers from Intezer and the BlackBerry Threat Research & Intelligence team discovered a new Linux-based malware, Symbiote, that is nearly impossible to detect. The malware was first discovered in Dec 2021 and appeared to target financial organizations in Latin America.

• Symbiote malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges.

• The Symbiote malware acquired its name on account of its “parasitic nature”. In contrast with typical Linux malware, which ordinarily attempts to compromise running processes, this malware acts as a shared object (SO) library that is loaded into all running processes via LD_PRELOAD.

• According to researchers, the malware contains several interesting features. For instance, it leverages Berkeley Packet Filter (BPF) hooking to hide malicious traffic on an infected machine.
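
Because the malware is loaded through LD_PRELOAD, a defender can inventory what every process and the system-wide preload file ask the dynamic loader to inject. The following is an added example, not part of the original advisory or the researchers' tooling; the library paths, PIDs and allowlist are constructed sample values.

```python
import tempfile
from pathlib import Path

SEPARATORS = str.maketrans(":\t\n", "   ")  # ld.so splits on ':' and whitespace


def preload_from_environ(raw: bytes) -> list:
    """Libraries named by LD_PRELOAD in a /proc/<pid>/environ blob (NUL-separated)."""
    for entry in raw.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry.split(b"=", 1)[1].decode("utf-8", "replace")
            return value.translate(SEPARATORS).split()
    return []


def preload_from_file(text: str) -> list:
    """Libraries listed in an ld.so.preload file; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        libs += line.split("#", 1)[0].translate(SEPARATORS).split()
    return libs


def audit(root, allowed=frozenset()) -> dict:
    """Map each source (preload file or pid) to preloaded libraries not in `allowed`."""
    root, found = Path(root), {}
    conf = root / "etc" / "ld.so.preload"
    if conf.is_file():
        found["etc/ld.so.preload"] = preload_from_file(conf.read_text(errors="replace"))
    for env in sorted(root.glob("proc/[0-9]*/environ")):
        try:
            found["pid " + env.parent.name] = preload_from_environ(env.read_bytes())
        except OSError:  # process exited or environ not readable
            continue
    return {src: libs for src, libs in
            ((s, [l for l in v if l not in allowed]) for s, v in found.items()) if libs}


def demo() -> dict:
    """Run the audit over a constructed /etc and /proc tree (all paths are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        envs = {"101": b"PATH=/usr/bin\0HOME=/root\0",
                "202": b"LD_PRELOAD=/opt/apm/libtrace.so:/tmp/.x/libhide.so\0"}
        for pid, env in envs.items():
            (root / "proc" / pid).mkdir(parents=True)
            (root / "proc" / pid / "environ").write_bytes(env)
        (root / "etc").mkdir()
        (root / "etc" / "ld.so.preload").write_text("# constructed sample\n/tmp/.x/libhide.so\n")
        return audit(root, allowed=frozenset({"/opt/apm/libtrace.so"}))
```

Pointing `audit` at a mounted disk image or a collected copy of `/proc` avoids relying on the live host's own libc, which a preloaded library can hook.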
