#rootkit

2025-07-04

Houken Exploits Ivanti CSA Flaws to Deploy Stealthy Linux Rootkit

Pulse ID: 686767ae58ae239c29036d15
Pulse Link: otx.alienvault.com/pulse/68676
Pulse Author: cryptocti
Created: 2025-07-04 05:33:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #InfoSec #Ivanti #Linux #OTX #OpenThreatExchange #Rootkit #UK #bot #cryptocti

2025-07-03

Interesting paper on user-space Linux rootkits:

"User-space library rootkits revisited: Are user-space detection mechanisms futile?"

arxiv.org/abs/2506.07827

#linux #rootkit #dfir #forensics

2025-06-30

Fake DeepSeek installers are delivering the Sainbox RAT and Hidden rootkit. Our latest blog details how this campaign, attributed to the Silver Fox group, works. #malware #RAT #rootkit #infosec

netskope.com/blog/deepseek-dec

Netskope Threat Labs has discovered a campaign from the Silver Fox threat actor, using fake installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek, to deliver the Sainbox RAT and Hidden #rootkit to Chinese-speaking users.

Campaign carried out by the Silver Fox threat actor using fake installers

🚨 #Diamorphine rootkit deploys crypto miner on #Linux
⚠️ A forked script is used to stealthily deploy a cryptocurrency #miner, disguised as a Python file. Diamorphine intercepts system calls and hides its presence. Let’s take a closer look at this threat’s behavior using #ANYRUN’s Linux VM, which provides full visibility into process activity and persistence mechanisms.

The attack #script capabilities:
🔹 Propagating from the compromised host to other systems, including stealing SSH keys to move laterally
🔹 Privilege escalation
🔹 Installing required dependencies
🔹 Establishing persistence via #systemd
🔹 Terminating rival cryptocurrency miners
🔹 Establishing a three‑layer self‑defense stack:
– Replacing the ps utility
– Installing the Diamorphine #rootkit
– Loading a library that intercepts system calls

❗️ Both the rootkit and the miner are built from open‑source code obtained on #GitHub, highlighting the ongoing abuse of publicly available tooling in Linux threats.

👨‍💻 See Linux analysis session and collect #IOCs: app.any.run/tasks/a750fe79-956

🔍 Use this TI Lookup query to find fresh samples and enhance your organization's security response: intelligence.any.run/analysis/

Analyze and investigate the latest #malware and phishing threats with #ANYRUN 🚀

#cybersecurity #infosec
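The three self-defense layers listed in the post above (a replaced ps, a kernel module that hides PIDs, and a preloaded library that filters syscall results) each leave a cross-check that a responder can run from the host, and the same cross-checks are what the user-space rootkit paper linked further up calls into question. The following is an added example, not code from ANY.RUN, the paper, or the malware itself; the /etc/ld.so.preload body, the /proc status text and the ps output it is tested against are constructed. It compares the readdir() view of /proc against per-PID probes (using the Tgid field so thread IDs, which are legitimately unlisted, do not show up as false positives), flags unexpected ld.so.preload entries, and diffs /proc against what ps prints.

```python
"""Cross-checks for the three self-defense layers named in the post:
a replaced ps binary, a kernel module that hides PIDs from /proc listings,
and an LD_PRELOAD library that filters syscall results.
Added example code, not taken from ANY.RUN or the malware; the sample
inputs in the tests are constructed."""
import os
import re
import subprocess
from typing import Iterable, Optional

PS_ROW = re.compile(r"^\s*(\d+)\s")   # first column of `ps -e` output


def suspicious_preload_entries(preload_text: str,
                               allowlist: Iterable[str] = ()) -> list[str]:
    """Libraries in an /etc/ld.so.preload body that are not allowlisted.

    User-space library rootkits usually persist here so every new process
    loads their hooks; on most hosts the file should not exist at all."""
    allowed = set(allowlist)
    hits = []
    for raw in preload_text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # ld.so ignores comments and blanks
        if entry and entry not in allowed:
            hits.append(entry)
    return hits


def tgid_from_status(status_text: str) -> Optional[int]:
    """Thread-group id from a /proc/<pid>/status body, or None if absent.

    open("/proc/<tid>/status") succeeds for thread ids too, and those are
    legitimately missing from a /proc listing, so only keep entries whose
    Tgid equals the id being probed."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split(":", 1)[1].strip())
    return None


def hidden_pids(listed: Iterable[int], probed_alive: Iterable[int]) -> list[int]:
    """PIDs reachable by direct probe but missing from the directory listing.

    Diamorphine-style modules filter getdents64() results, so the readdir()
    view of /proc diverges from the per-PID view."""
    return sorted(set(probed_alive) - set(listed))


def parse_ps_pids(ps_output: str) -> set[int]:
    """PIDs printed by `ps -e` (first column; the header row has no digits)."""
    return {int(m.group(1)) for m in map(PS_ROW.match, ps_output.splitlines()) if m}


def ps_discrepancies(proc_pids: Iterable[int], ps_pids: Iterable[int]) -> list[int]:
    """PIDs present in /proc but absent from ps output: a trojaned ps."""
    return sorted(set(proc_pids) - set(ps_pids))


def _pid_max() -> int:
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            return int(fh.read())
    except OSError:
        return 32768


def live_scan() -> dict:
    """Run all three checks against the local host (Linux only).

    Caveat: this interpreter itself loads /etc/ld.so.preload, so a library
    that hooks open()/readdir() in every process will also filter what this
    scan sees; run it from a static binary or trust the preload check first."""
    listed = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    alive = set()
    for pid in range(1, _pid_max() + 1):
        try:
            with open(f"/proc/{pid}/status") as fh:
                tgid = tgid_from_status(fh.read())
        except OSError:
            continue
        if tgid == pid:            # thread-group leaders only
            alive.add(pid)
    preload = ""
    if os.path.exists("/etc/ld.so.preload"):
        with open("/etc/ld.so.preload") as fh:
            preload = fh.read()
    ps_out = subprocess.run(["ps", "-e"], capture_output=True, text=True).stdout
    return {
        "hidden_pids": hidden_pids(listed, alive),
        "preload_entries": suspicious_preload_entries(preload),
        "ps_missing": ps_discrepancies(listed, parse_ps_pids(ps_out)),
    }


if __name__ == "__main__":
    for name, finding in live_scan().items():
        print(f"{name}: {finding or 'none'}")
```

Any non-empty result is a lead, not a verdict: a PID that exits between the listing and the probe produces a one-off entry in hidden_pids, so rerun before escalating, and a kernel module that also hooks the open path for /proc/<pid>/status will defeat the second check entirely, which is why the post's own recommendation of a sandbox with kernel-level visibility still stands.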

2025-05-04

Nice how the site refers to the application's features as "monitor employee productivity". Back in my day this was called spying using a rootkit.

RE: sfba.social/@twrling/114419685

#rootkit #monitoring #spying #security #leak

Marcel SIneM(S)US simsus@social.tchncs.de
2025-04-27

This article is certainly a year and a half old already - you can tell because #Windows7 and 8.1 are mentioned - but for #Windows10 and 11 it is surely still valid.
Otherwise: use Desinfec't from heise 😉

#MicrosoftDefender offline scan against rootkits - pctipp.ch pctipp.ch/praxis/sicherheit/mi #Malware #Rootkit #Microsoft #Windows #Windows11

WinFuture.de WinFuture
2025-04-26

Security researchers have developed a rootkit that abuses io_uring to stay undetected. Monitoring tools do not detect attacks carried out through it. winfuture.de/news,150557.html?

2025-04-24

Linux's io_uring speeds up operations—but it's also opening a secret door for silent rootkit attacks. How do we secure innovation when the very tool designed to boost performance creates a blindspot?

thedefendopsdiaries.com/addres

#linuxsecurity
#ioring
#rootkit
#cybersecurity
#kernelvulnerabilities

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2025-03-14

OBSCURE#BAT #Malware Highlights Risks of API Hooking. Researchers discovered an attack chain that uses several layers of obfuscated #batch files and #PowerShell scripts to deliver an advanced and persistent #rootkit.
darkreading.com/vulnerabilitie
#security

2025-02-12

"Passwort" episode 25: State-sanctioned snooping software

This time the podcast hosts take on a controversial topic: companies install malware through security vulnerabilities - and do so on behalf of governments.

heise.de/news/Passwort-Folge-2

#Android #Exploit #iOS #Malware #PasswortPodcast #Pegasus #Rootkit #Security #Spyware #news

kriware kriware@infosec.exchange
2025-02-06

The Art of Linux Kernel Rootkits

An advanced and deep introduction to Linux kernel-mode rootkits: how to detect them, what hooks are and how they work.

inferi.club/post/the-art-of-li

#kernel #linux #rootkit

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst