Sequretek Advisory - Linux Malware Symbiote

Researchers have discovered new malware, named Symbiote, that infects Linux systems and is difficult to detect.

• Researchers from Intezer and the BlackBerry Threat Research & Intelligence team discovered a new Linux-based malware, Symbiote, that is nearly impossible to detect. The malware was first discovered in December 2021 and appeared to target financial organizations in Latin America.

• Symbiote provides a backdoor that lets the threat actor log in as any user on the machine with a hardcoded password and then execute commands with the highest privileges.

• Symbiote acquired its name on account of its “parasitic nature”. Unlike typical Linux malware, which is a standalone executable that is run to infect a machine, Symbiote is a shared object (SO) library that the dynamic linker loads into every dynamically linked process started on the machine via LD_PRELOAD (set through the LD_PRELOAD environment variable or the /etc/ld.so.preload file). Once inside a process it can intercept the library calls that process makes, so tools run on the infected host see only what the malware lets them see.
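The three artefacts a responder can triage for this kind of library injection are the preload file, each process's environment and each process's memory map. The script below is an added example, not Symbiote's code and not from the Intezer/BlackBerry report; it works on the text of those artefacts, and all inputs (including the path /tmp/.x/libhook.so) are constructed placeholders rather than real indicators.

```python
"""Triage helpers for LD_PRELOAD-style library injection (added example;
not Symbiote's code and not from the Intezer/BlackBerry report).

Inputs are the text of three artefacts collected from the host:
  /etc/ld.so.preload  - libraries the dynamic linker loads into every
                        dynamically linked program it starts
  /proc/PID/environ   - the process environment (LD_PRELOAD variable)
  /proc/PID/maps      - what is actually mapped into the process
All samples below are constructed; /tmp/.x/libhook.so is a made-up path."""

TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

SAMPLE_PRELOAD = "/tmp/.x/libhook.so\n"                          # constructed
SAMPLE_ENVIRON = (b"PATH=/usr/bin:/bin\x00LD_PRELOAD=/tmp/.x/libhook.so\x00"
                  b"HOME=/root\x00")                              # constructed
SAMPLE_MAPS = """\
55d4c3a00000-55d4c3a2e000 r--p 00000000 08:01 1311 /usr/bin/ls
7f3e2bfd7000-7f3e2bffd000 r--p 00000000 08:01 1310 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3e2c050000-7f3e2c052000 r-xp 00000000 08:01 9901 /usr/lib/x86_64-linux-gnu/libselinux.so.1
7f3e2c060000-7f3e2c061000 r-xp 00000000 08:01 9912 /tmp/.x/libhook.so
7f3e2c070000-7f3e2c071000 r-xp 00000000 08:01 9913 /usr/lib/x86_64-linux-gnu/libcap.so.2 (deleted)
7ffd5d000000-7ffd5d021000 rw-p 00000000 00:00 0 [stack]
"""  # constructed


def preload_file_entries(text):
    """Every whitespace-separated token in /etc/ld.so.preload. A clean host
    normally has no such file, or an empty one, so any entry is a finding."""
    return text.split()


def ld_preload_from_environ(raw):
    """LD_PRELOAD value from a NUL-separated /proc/PID/environ, or None."""
    for item in raw.split(b"\x00"):
        if item.startswith(b"LD_PRELOAD="):
            return item[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None


def suspicious_mapped_libraries(maps_text):
    """Shared objects mapped from outside the trusted library directories,
    plus objects whose backing file was deleted after being mapped."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)        # pathname is the optional 6th field
        if len(fields) < 6:
            continue
        path = fields[5]
        if ".so" not in path:
            continue
        deleted = path.endswith(" (deleted)")
        on_disk = path[:-len(" (deleted)")] if deleted else path
        if deleted or not on_disk.startswith(TRUSTED_LIB_DIRS):
            found.add(path)
    return sorted(found)


def triage(preload_text, environ_raw, maps_text):
    """Collect human-readable findings from the three artefacts."""
    findings = [f"ld.so.preload entry: {e}" for e in preload_file_entries(preload_text)]
    value = ld_preload_from_environ(environ_raw)
    if value is not None:
        findings.append(f"LD_PRELOAD set in process environment: {value}")
    findings += [f"unexpected shared object mapped: {p}"
                 for p in suspicious_mapped_libraries(maps_text)]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PRELOAD, SAMPLE_ENVIRON, SAMPLE_MAPS):
        print(finding)
```

The caveat is the collection step, not the parsing: a preloaded library is loaded into the collector itself if the collector is a dynamically linked program (a Python interpreter included), and it can then interpose on the library calls used to read these files. Collect the artefacts with statically linked tools or from a rescue environment, and run the analysis on the copies.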

• According to the researchers, the malware contains several interesting features. For instance, it uses Berkeley Packet Filter (BPF) hooking to hide malicious traffic: when an administrator starts a packet-capture tool on the infected machine, the tool installs BPF bytecode that selects which packets to capture, and Symbiote prepends its own bytecode so that its traffic is filtered out before the capture tool ever sees it.
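To make the filter manipulation concrete, the following added example (an illustrative reconstruction of the technique, not Symbiote's actual bytecode and not from the report) builds a classic-BPF prologue that drops IPv4/TCP packets to or from a hypothetical implant port, places it in front of a capture tool's own filter, and runs both programs through a small interpreter on constructed packets. On Linux a capture tool installs its filter with setsockopt(SO_ATTACH_FILTER), which is where such a hook would intercept the program; the offsets assume an Ethernet link layer and unfragmented IPv4.

```python
"""Hiding traffic from a capture tool by prepending classic-BPF bytecode to
the filter it installs (added example; illustrative reconstruction, not
Symbiote's actual bytecode). Classic BPF jumps are relative to the next
instruction, so the tool's original program needs no patching when a
prologue is inserted in front of it."""
import struct

# Opcode encoding from <linux/bpf_common.h>
BPF_LD, BPF_LDX, BPF_JMP, BPF_RET = 0x00, 0x01, 0x05, 0x06
BPF_W, BPF_H, BPF_B = 0x00, 0x08, 0x10
BPF_IMM, BPF_ABS, BPF_IND, BPF_MSH = 0x00, 0x20, 0x40, 0xa0
BPF_JA, BPF_JEQ, BPF_JGT, BPF_JGE, BPF_JSET = 0x00, 0x10, 0x20, 0x30, 0x40
BPF_K, BPF_X, BPF_A = 0x00, 0x08, 0x10

HIDDEN_PORT = 8443      # hypothetical port used by the implant


def insn(code, jt, jf, k):
    """One struct sock_filter as a (code, jt, jf, k) tuple."""
    return (code, jt, jf, k)


def hide_port_prologue(port):
    """Drop IPv4/TCP packets to or from `port`; fall through for anything else.
    Offsets assume Ethernet framing and an unfragmented IPv4 header."""
    return [
        insn(BPF_LD | BPF_H | BPF_ABS, 0, 0, 12),        # 0: A = EtherType
        insn(BPF_JMP | BPF_JEQ | BPF_K, 0, 8, 0x0800),   # 1: not IPv4 -> 10 (original)
        insn(BPF_LD | BPF_B | BPF_ABS, 0, 0, 23),        # 2: A = IP protocol
        insn(BPF_JMP | BPF_JEQ | BPF_K, 0, 6, 6),        # 3: not TCP -> 10
        insn(BPF_LDX | BPF_B | BPF_MSH, 0, 0, 14),       # 4: X = 4 * IHL
        insn(BPF_LD | BPF_H | BPF_IND, 0, 0, 14),        # 5: A = TCP source port
        insn(BPF_JMP | BPF_JEQ | BPF_K, 2, 0, port),     # 6: match -> 9 (drop)
        insn(BPF_LD | BPF_H | BPF_IND, 0, 0, 16),        # 7: A = TCP destination port
        insn(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, port),     # 8: match -> 9, else -> 10
        insn(BPF_RET | BPF_K, 0, 0, 0),                  # 9: ret #0 (drop)
    ]                                                    # 10: tool's original program


def hooked_attach_filter(original_prog, port=HIDDEN_PORT):
    """What a hooked setsockopt(SO_ATTACH_FILTER) would hand to the kernel."""
    return hide_port_prologue(port) + list(original_prog)


# The capture tool's own filter, constructed here: accept IPv4, drop the rest.
TOOL_FILTER = [
    insn(BPF_LD | BPF_H | BPF_ABS, 0, 0, 12),
    insn(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 0x0800),
    insn(BPF_RET | BPF_K, 0, 0, 0x40000),   # accept up to 262144 bytes
    insn(BPF_RET | BPF_K, 0, 0, 0),
]


def run_cbpf(prog, pkt):
    """Tiny classic-BPF interpreter for the subset used above. Returns the byte
    count to accept (0 = drop); out-of-range loads drop the packet as the kernel does."""
    A = X = pc = 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        pc += 1
        cls, size, mode = code & 0x07, code & 0x18, code & 0xe0
        if cls in (BPF_LD, BPF_LDX):
            if mode == BPF_IMM:
                val = k
            else:
                off = X + k if mode == BPF_IND else k
                n = {BPF_W: 4, BPF_H: 2, BPF_B: 1}[size]
                if off < 0 or off + n > len(pkt):
                    return 0
                val = int.from_bytes(pkt[off:off + n], "big")
                if mode == BPF_MSH:
                    val = 4 * (val & 0x0f)
            if cls == BPF_LD:
                A = val
            else:
                X = val
        elif cls == BPF_JMP:
            op, src = code & 0xf0, (X if code & BPF_X else k)
            if op == BPF_JA:
                pc += k
                continue
            taken = {BPF_JEQ: A == src, BPF_JGT: A > src,
                     BPF_JGE: A >= src, BPF_JSET: bool(A & src)}[op]
            pc += jt if taken else jf
        elif cls == BPF_RET:
            return A if (code & 0x18) == BPF_A else k
        else:
            raise ValueError(f"unsupported opcode 0x{code:02x}")
    raise ValueError("program ran off the end")


def tcp_packet(sport, dport):
    """Constructed Ethernet/IPv4/TCP frame with the given ports and no payload."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    hooked = hooked_attach_filter(TOOL_FILTER)
    for sport, dport in ((40000, 80), (40000, HIDDEN_PORT), (HIDDEN_PORT, 50000)):
        pkt = tcp_packet(sport, dport)
        print(f"{sport}->{dport}: tool filter {run_cbpf(TOOL_FILTER, pkt)}, "
              f"hooked filter {run_cbpf(hooked, pkt)}")
```

Run stand-alone it shows the capture tool's own filter accepting all three packets while the hooked filter silently returns 0 for the two involving the hidden port. A capture taken from a span port, a network tap, or another host is not subject to this hook, which is why host-local packet captures should not be trusted when a preloaded library is suspected.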

