#SonicWall #SMA devices hacked with #OVERSTEP #rootkit tied to #ransomware
Houken Exploits Ivanti CSA Flaws to Deploy Stealthy Linux Rootkit
Pulse ID: 686767ae58ae239c29036d15
Pulse Link: https://otx.alienvault.com/pulse/686767ae58ae239c29036d15
Pulse Author: cryptocti
Created: 2025-07-04 05:33:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #CyberSecurity #InfoSec #Ivanti #Linux #OTX #OpenThreatExchange #Rootkit #UK #bot #cryptocti
Interesting paper on user-space Linux rootkits:
"User-space library rootkits revisited: Are user-space detection mechanisms futile?"
Fake DeepSeek installers are delivering the Sainbox RAT and Hidden rootkit. Our latest blog details how this campaign, attributed to the Silver Fox group, works. #malware #RAT #rootkit #infosec
https://www.netskope.com/blog/deepseek-deception-sainbox-rat-hidden-rootkit-delivery
Netskope Threat Labs has discovered a campaign from the Silver Fox threat actor, using fake installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek, to deliver the Sainbox RAT and Hidden #rootkit to Chinese-speaking users.
https://www.netskope.com/blog/deepseek-deception-sainbox-rat-hidden-rootkit-delivery
Massive cyberattack on US provider: first intrusion already a year earlier | heise online https://www.heise.de/news/Massiver-Cyberangriff-auf-US-Provider-Erster-Einbruch-schon-ein-Jahr-frueher-10435438.html #CyberWar #CyberSecurity #Malware #Rootkit #Demodex #SaltTyphoon #GhostEmperor #FamousSparrow #China 🇨🇳
🚨 #Diamorphine rootkit deploys crypto miner on #Linux
⚠️ A forked script is used to stealthily deploy a cryptocurrency #miner, disguised as a Python file. Diamorphine intercepts system calls and hides its presence. Let’s take a closer look at this threat’s behavior using #ANYRUN’s Linux VM, which provides full visibility into process activity and persistence mechanisms.
The attack #script capabilities:
🔹 Propagating from the compromised host to other systems, including stealing SSH keys to move laterally
🔹 Privilege escalation
🔹 Installing required dependencies
🔹 Establishing persistence via #systemd
🔹 Terminating rival cryptocurrency miners
🔹 Establishing a three‑layer self‑defense stack:
– Replacing the ps utility
– Installing the Diamorphine #rootkit
– Loading a library that intercepts system calls
❗️ Both the rootkit and the miner are built from open‑source code obtained on #GitHub, highlighting the ongoing abuse of publicly available tooling in Linux threats.
👨💻 See Linux analysis session and collect #IOCs: https://app.any.run/tasks/a750fe79-9565-449d-afa3-7e523f84c6ad/?utm_source=mastodon&utm_medium=post&utm_campaign=diamorphine&utm_term=070525&utm_content=linktoservice
🔍 Use this TI Lookup query to find fresh samples and enhance your organization's security response: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=diamorphine&utm_content=linktotilookup&utm_term=070525#%7B%2522query%2522:%2522commandLine:%255C%2522Diamorphine.ko%255C%2522%2522,%2522dateRange%2522:180%7D%20
Analyze and investigate the latest #malware and phishing threats with #ANYRUN 🚀
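The three hiding layers listed in the post above (a replaced ps, the Diamorphine kernel module, and a preloaded library hooking libc) are each a single view of the system that the attacker controls; the user-space rootkit paper cited earlier asks whether user-space detection of such hooks is futile. The classic answer to both is a cross-view check: compare what a tool shows with what the kernel exposes elsewhere. The script below is an added example, not ANY.RUN's, Diamorphine's or the paper's code. It assumes a Linux host with procps and sysfs; the assumption that a hidden Diamorphine module keeps its /sys/module/<name> directory is based on the open-source build and is marked in the code. The pure functions take the data that scan_live() collects, so they can also be exercised on constructed input.

```python
#!/usr/bin/env python3
"""Cross-view checks for a replaced ps, a kernel module hidden from the module
list, and LD_PRELOAD-style hooking. Added example; not vendor or rootkit code."""
import os
import re
import subprocess

PID_RE = re.compile(r"^\d+$")


def pids_from_proc(entries):
    """Numeric names in /proc are live PIDs (entries: os.listdir('/proc'))."""
    return {int(e) for e in entries if PID_RE.match(e)}


def pids_from_ps(ps_output):
    """PIDs as printed by `ps -eo pid=`, one per line."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def pids_by_probe(max_pid, exists=os.path.exists):
    """Enumerate PIDs by looking up /proc/<n> directly instead of reading the
    directory. A getdents hook (Diamorphine hides signalled processes this
    way) drops entries from the listing, but a lookup by name still resolves.
    `exists` is injectable so the logic can be tested without a live /proc."""
    return {n for n in range(1, max_pid + 1) if exists(f"/proc/{n}")}


def hidden_pids(kernel_view, tool_view):
    """PIDs present in the more trustworthy view but absent from the other:
    e.g. in /proc but not in ps (trojanised ps or hooked readdir), or found by
    probing but missing from the /proc listing (kernel getdents hook)."""
    return sorted(kernel_view - tool_view)


def preload_entries(ld_so_preload_text, environ):
    """Libraries forced into every dynamically linked process, from
    /etc/ld.so.preload plus the LD_PRELOAD variable. Both are normally empty;
    any entry is worth a look, especially one under /tmp, /dev/shm or $HOME."""
    paths = [line.strip() for line in ld_so_preload_text.splitlines()
             if line.strip() and not line.lstrip().startswith("#")]
    paths += [p for p in re.split(r"[:\s]+", environ.get("LD_PRELOAD", "")) if p]
    return paths


def modules_hidden_from_proc(loaded_sysfs_modules, proc_modules_text):
    """Diamorphine hides by unlinking itself from the kernel's module list,
    which is what /proc/modules and lsmod walk. Assumption: its
    /sys/module/<name> directory, created at load time, is left behind, so a
    name present in sysfs but missing from /proc/modules is suspect."""
    listed = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return sorted(set(loaded_sysfs_modules) - listed)


def scan_live():
    """Collect the live views on this host and run every check."""
    listed = pids_from_proc(os.listdir("/proc"))
    ps_out = subprocess.run(["ps", "-eo", "pid="], capture_output=True, text=True).stdout
    with open("/proc/sys/kernel/pid_max") as fh:
        probed = pids_by_probe(int(fh.read()))  # a few seconds for pid_max=4194304
    findings = {
        "in /proc but not in ps": hidden_pids(listed, pids_from_ps(ps_out)),
        "probed but not in /proc listing": hidden_pids(probed, listed),
    }

    preload_text = ""
    if os.path.exists("/etc/ld.so.preload"):
        with open("/etc/ld.so.preload") as fh:
            preload_text = fh.read()
    findings["preload entries"] = preload_entries(preload_text, os.environ)

    # Only entries with an initstate file are loadable modules; built-in
    # modules also get a /sys/module directory for their parameters.
    sysfs_loaded = [m for m in os.listdir("/sys/module")
                    if os.path.exists(f"/sys/module/{m}/initstate")]
    with open("/proc/modules") as fh:
        findings["modules hidden from /proc/modules"] = modules_hidden_from_proc(
            sysfs_loaded, fh.read())
    return findings


if __name__ == "__main__":
    for check, result in scan_live().items():
        print(f"{check}: {result or 'nothing found'}")
```

Two caveats a practitioner should keep in mind. The interpreter running this script is itself a dynamically linked process, so an LD_PRELOAD hook on readdir() would filter os.listdir('/proc') too; run it with a clean environment (`env -i`) after reading /etc/ld.so.preload by hand, or better, from a statically linked tool or a rescue boot. And the PID comparisons race with normal process churn, so treat a PID as hidden only when it shows up on repeated runs; the ps binary itself should additionally be verified against the package database (`dpkg -V procps` or `rpm -V procps-ng`).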
"#Malware maker sponsors a #shitpost by a #TechIlliterate #Windows n0ob to sell their #Rootkit to #TechIlliterates" wouldn't be as clickbaity but would be an #HonestVideoTitle instead...
Nice how the site refers to the application's features as "monitor employee productivity"; back in my day this was called spying using a rootkit.
PoC #rootkit #Curing evades traditional #Linux detection systems
https://securityaffairs.com/177098/hacking/poc-rootkit-curing-evades-traditional-linux-detection-systems.html
#securityaffairs #hacking
This article is surely a year and a half old already, recognizable by the fact that #Windows7 and 8.1 are mentioned, but surely still valid for #Windows10 and 11.
Otherwise: use Desinfec't from heise 😉
#MicrosoftDefender offline scan against rootkits - pctipp.ch https://www.pctipp.ch/praxis/sicherheit/microsoft-defender-offline-scan-rootkits-2838946.html #Malware #Rootkit #Microsoft #Windows :windows: #Windows11
Security researchers have developed a #Linux #rootkit that abuses the #kernel #API io_uring to stay undetected. Monitoring tools do not detect attacks carried out through it. https://winfuture.de/news,150557.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
#Hackers can now bypass #Linux #security thanks to terrifying new Curing #rootkit
https://betanews.com/2025/04/24/hackers-bypass-linux-security-with-armo-curing-rootkit/
The #Linux #PoC #rootkit, io_uring, bypasses threat detection tools based on #system calls
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/el-rootkit-poc-de-linux-io_uring-omite-las-herramientas-de-deteccion-de-amenazas-basadas-en-llamadas-del-sistema/
Linux's io_uring speeds up operations—but it's also opening a secret door for silent rootkit attacks. How do we secure innovation when the very tool designed to boost performance creates a blindspot?
https://thedefendopsdiaries.com/addressing-security-challenges-in-linuxs-iouring-interface/
#linuxsecurity
#ioring
#rootkit
#cybersecurity
#kernelvulnerabilities
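The blind spot the io_uring posts above describe is specific: a process that submits its file and network operations through io_uring touches syscall-based monitors only at io_uring_setup() and io_uring_enter(), never at read(), write() or connect(). A first triage step on a host is therefore to inventory which processes hold an io_uring instance at all (the kernel exposes each one as an anonymous inode named `[io_uring]` in /proc/<pid>/fd) and to read the kernel-side kill switch, the kernel.io_uring_disabled sysctl added in Linux 6.6. The script below is an added example, not ARMO's Curing code or any vendor's detection; the allowlist of legitimate users is a constructed placeholder to be populated per host.

```python
#!/usr/bin/env python3
"""Inventory io_uring instances per process and report the kernel policy.
Added example for triage of the io_uring monitoring gap; not vendor code."""
import os

IO_URING_FD = "anon_inode:[io_uring]"  # readlink target of an io_uring fd

POLICY = {
    "0": "enabled",
    "1": "disabled for unprivileged processes (outside kernel.io_uring_group)",
    "2": "disabled for all processes",
}


def io_uring_users(fd_views):
    """fd_views: {pid: (comm, [readlink targets of /proc/<pid>/fd/*])}.
    Returns (pid, comm) for every process holding an io_uring instance."""
    return sorted((pid, comm) for pid, (comm, targets) in fd_views.items()
                  if IO_URING_FD in targets)


def unexpected_users(fd_views, allowed_comms):
    """io_uring users whose command name is not on the site allowlist.
    Legitimate users exist (databases, some servers, container runtimes), so
    the allowlist is built per host rather than treating every hit as malware."""
    return [(pid, comm) for pid, comm in io_uring_users(fd_views)
            if comm not in allowed_comms]


def io_uring_policy(sysctl_text):
    """Interpret /proc/sys/kernel/io_uring_disabled; None means the file is absent."""
    if sysctl_text is None:
        return "not available (sysctl added in Linux 6.6)"
    value = sysctl_text.strip()
    return POLICY.get(value, f"unknown value {value}")


def collect_fd_views():
    """Live view: read every fd symlink we are permitted to (root sees all)."""
    views = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        fd_dir = f"/proc/{pid}/fd"
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            targets = []
            for fd in os.listdir(fd_dir):
                try:
                    targets.append(os.readlink(f"{fd_dir}/{fd}"))
                except OSError:
                    pass  # fd closed between listdir and readlink
        except OSError:
            continue  # process exited, or not ours (needs CAP_SYS_PTRACE)
        views[pid] = (comm, targets)
    return views


def read_policy():
    path = "/proc/sys/kernel/io_uring_disabled"
    if not os.path.exists(path):
        return io_uring_policy(None)
    with open(path) as fh:
        return io_uring_policy(fh.read())


if __name__ == "__main__":
    print("kernel.io_uring_disabled:", read_policy())
    # Constructed placeholder allowlist: fill in the comm names expected to use
    # io_uring on this host before acting on the output.
    for pid, comm in unexpected_users(collect_fd_views(), allowed_comms=set()):
        print(f"io_uring instance held by pid {pid} ({comm})")
```

Where io_uring is not needed, the sysctl (value 2, or 1 with a trusted kernel.io_uring_group) or a seccomp filter that denies io_uring_setup removes the gap entirely; several container runtimes already drop the io_uring_* syscalls from their default seccomp profiles. Where it is needed, this inventory gives the baseline against which an unexpected user, or a new instance appearing after a compromise window, stands out.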
OBSCURE#BAT #Malware Highlights Risks of API Hooking. Researchers discovered an attack chain that uses several layers of obfuscated #batch files and #PowerShell scripts to deliver an advanced and persistent #rootkit.
https://www.darkreading.com/vulnerabilities-threats/obscurebat-malware-highlights-api-hooking
#security
"Passwort" episode 25: State-sanctioned snooping software
This time the podcast hosts take on a controversial topic: companies install malware via security vulnerabilities, and do so on behalf of the state.
#Android #Exploit #iOS #Malware #PasswortPodcast #Pegasus #Rootkit #Security #Spyware #news
The Art of Linux Kernel Rootkits
An advanced and deep introduction to Linux kernel-mode rootkits: how to detect them, what hooks are and how they work.