Massiver Cyberangriff auf US-Provider: Erster Einbruch schon ein Jahr früher | heise online https://www.heise.de/news/Massiver-Cyberangriff-auf-US-Provider-Erster-Einbruch-schon-ein-Jahr-frueher-10435438.html #CyberWar #CyberSecurity #Malware #Rootkit #Demodex #SaltTyphoon #GhostEmperor #FamousSparrow #China 🇨🇳
#Rootkit
🚨 #Diamorphine rootkit deploys crypto miner on #Linux
⚠️ A forked script is used to stealthily deploy a cryptocurrency #miner, disguised as a Python file. Diamorphine intercepts system calls and hides its presence. Let’s take a closer look at this threat’s behavior using #ANYRUN’s Linux VM, which provides full visibility into process activity and persistence mechanisms.
The attack #script capabilities:
🔹 Propagating from the compromised host to other systems, including stealing SSH keys to move laterally
🔹 Privilege escalation
🔹 Installing required dependencies
🔹 Establishing persistence via #systemd
🔹 Terminating rival cryptocurrency miners
🔹 Establishing a three‑layer self‑defense stack:
– Replacing the ps utility
– Installing the Diamorphine #rootkit
– Loading a library that intercepts system calls
❗️ Both the rootkit and the miner are built from open‑source code obtained on #GitHub, highlighting the ongoing abuse of publicly available tooling in Linux threats.
👨💻 See Linux analysis session and collect #IOCs: https://app.any.run/tasks/a750fe79-9565-449d-afa3-7e523f84c6ad/?utm_source=mastodon&utm_medium=post&utm_campaign=diamorphine&utm_term=070525&utm_content=linktoservice
🔍 Use this TI Lookup query to find fresh samples and enhance your organization's security response: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=diamorphine&utm_content=linktotilookup&utm_term=070525#%7B%2522query%2522:%2522commandLine:%255C%2522Diamorphine.ko%255C%2522%2522,%2522dateRange%2522:180%7D%20
Analyze and investigate the latest #malware and phishing threats with #ANYRUN 🚀
"#Malware maker sponsors a #shitpost by a #TechIlliterate #Windows n0ob to sell their #Rootkit to #TechIlliterates" would'nt be as clickbaity but a #HonestVideoTitle instead...
Nice how site refers to the application features "monitor employee productivity" back in my day this was called spying using a rootkit.
PoC #rootkit #Curing evades traditional #Linux detection systems
https://securityaffairs.com/177098/hacking/poc-rootkit-curing-evades-traditional-linux-detection-systems.html
#securityaffairs #hacking
Dieser Artikel ist sicherlich schon anderthalb Jahre alt - zu erkennen daran, dass #Windows7 und 8.1 erwähnt werden - für #Windows10 und 11 aber sicherlich noch gültig.
Ansonsten: Desinfec't von heise nutzen 😉
#MicrosoftDefender Offline-Scan gegen Rootkits - pctipp.ch https://www.pctipp.ch/praxis/sicherheit/microsoft-defender-offline-scan-rootkits-2838946.html #Malware #Rootkit #Microsoft #Windows :windows: #Windows11
Sicherheitsforscher haben ein #Linux-#Rootkit entwickelt, das die #Kernel-#API io_uring ausnutzt, um unentdeckt zu bleiben. Überwachungstools erkennen etwaige Angriffe darüber nicht. https://winfuture.de/news,150557.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
#Hackers can now bypass #Linux #security thanks to terrifying new Curing #rootkit
https://betanews.com/2025/04/24/hackers-bypass-linux-security-with-armo-curing-rootkit/
El #rootkit #PoC de #Linux, io_uring, omite las herramientas de detección de amenazas basadas en llamadas del #sistema
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/el-rootkit-poc-de-linux-io_uring-omite-las-herramientas-de-deteccion-de-amenazas-basadas-en-llamadas-del-sistema/
Linux's io_uring speeds up operations—but it's also opening a secret door for silent rootkit attacks. How do we secure innovation when the very tool designed to boost performance creates a blindspot?
https://thedefendopsdiaries.com/addressing-security-challenges-in-linuxs-iouring-interface/
#linuxsecurity
#ioring
#rootkit
#cybersecurity
#kernelvulnerabilities
OBSCURE#BAT #Malware Highlights Risks of API Hooking. Researchers discovered an attack chain that uses several layers of obfuscated #batch files and #PowerShell scripts to deliver an advanced and persistent #rootkit.
https://www.darkreading.com/vulnerabilities-threats/obscurebat-malware-highlights-api-hooking
#security
"Passwort" Folge 25: Staatlich sanktionierte Schnüffelsoftware
Dieses Mal nehmen sich die Podcast-Hosts eines kontroversen Themas an: Unternehmen installieren über Sicherheitslücken Malware - und das in staatlichem Auftrag.
#Android #Exploit #iOS #Malware #PasswortPodcast #Pegasus #Rootkit #Security #Spyware #news
The Art of Linux Kernel Rootkits
An advanced and deep introduction about Linux kernel mode rookits, how to detect, what are hooks and how it works.
"Passwort" Folge 23: Schnitzeljagd um ein Linux-Bootkit
Sicherheitsforscher finden zufällig die Malware "Bootkitty" und analysieren sie. Was kann sie und wer steckt dahinter? Christopher und Sylvester rätseln mit.
"Passwort" Folge 23: Schnitzeljagd um ein Linux-Bootkit
Sicherheitsforscher finden zufällig die Malware "Bootkitty" und analysieren sie. Was kann sie und wer steckt dahinter? Christopher und Sylvester rätseln mit.
#Microsoft descubrió la #vulnerabilidad de #macOS CVE-2024-44243 que permite la instalación de #rootkit
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/microsoft-descubre-la-vulnerabilidad-de-macos-cve-2024-44243-que-permite-la-instalacion-de-rootkits/
"The Art of Linux Kernel Rootkits"
https://inferi.club/post/the-art-of-linux-kernel-rootkits
(Originally shared by Craig Rowland, Sandfly Security)
Rootkit Malware Exploiting Multiple Vunlerability to Control Linux Systems Remotely
https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/
#Infosec #Security #Cybersecurity #CeptBiro #Rootkit #Malware #Vunlerability #LinuxSystems #Remote
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst