The Evolution of Linux Binaries in Targeted Cloud Operations
Summary
Unit 42 researchers have found that Linux ELF files are increasingly being used in attacks on cloud infrastructure.
Malware distributors are increasingly targeting cloud-based systems in their campaigns, and ELF files suit them because the format is ubiquitous on Linux operating systems.
The researchers found five ELF-based malware families that have been seen in the wild and are being actively developed, including backdoors, RATs, and data wipers.
The families, which include NoodleRAT, Winnti, SSHdInjector, PygmyGoat, and AcidPour, use techniques such as the abuse of the LD_PRELOAD environment variable to inject malicious code, achieve stealth and maintain C2 channels, exfiltrate data and impact operations by wiping critical data.
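
A defender-side check for the LD_PRELOAD abuse mentioned above, as an added example that is not from the Unit 42 research: it parses process environments as exposed in /proc/<pid>/environ and flags preloaded libraries that resolve outside standard library directories. The trusted directory list, the function names and the sample environment are assumptions constructed for illustration.

```python
import os
from pathlib import Path

# Assumption: directories from which preloaded libraries are expected on this host.
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

# Constructed sample of a /proc/<pid>/environ blob (NUL-separated NAME=value pairs).
SAMPLE_ENVIRON = (b"PATH=/usr/bin:/bin\0"
                  b"LD_PRELOAD=/usr/lib/libjemalloc.so.2:/tmp/.cache/libhook.so\0"
                  b"HOME=/root\0")

def preload_entries(environ_blob):
    """Return the library paths listed in LD_PRELOAD, or [] if it is not set."""
    for var in environ_blob.split(b"\0"):
        name, sep, value = var.partition(b"=")
        if sep and name == b"LD_PRELOAD":
            # The dynamic loader accepts both colons and spaces as separators.
            return value.decode("utf-8", "replace").replace(":", " ").split()
    return []

def suspicious_entries(entries):
    """Return entries that do not resolve to a trusted library directory."""
    flagged = []
    for entry in entries:
        # normpath collapses "../" so /usr/lib/../../tmp/x.so is not trusted.
        if not os.path.normpath(entry).startswith(TRUSTED_LIB_DIRS):
            flagged.append(entry)
    return flagged

def scan_proc(proc_root="/proc"):
    """Map pid -> flagged LD_PRELOAD entries for every readable process."""
    findings = {}
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            # environ holds the environment the process was started with,
            # which is the one the loader consulted at exec time.
            blob = (pid_dir / "environ").read_bytes()
        except OSError:
            continue  # process exited or we lack permission to read it
        flagged = suspicious_entries(preload_entries(blob))
        if flagged:
            findings[int(pid_dir.name)] = flagged
    return findings

if __name__ == "__main__":
    print("sample:", suspicious_entries(preload_entries(SAMPLE_ENVIRON)))
    if os.path.isdir("/proc"):
        for pid, libs in sorted(scan_proc().items()):
            print(f"pid {pid}: {libs}")
```

Run it as root to cover processes owned by other users; without that, unreadable environ files are skipped silently.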