• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
microsoft warns rise in xorddos malware targeting linux devices

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

You are here: Home / General Cyber Security News / Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
May 20, 2022

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity about the very last 6 months, in accordance to most recent study from Microsoft.

The trojan, so named for carrying out denial-of-company attacks on Linux devices and its use of XOR-dependent encryption for communications with its command-and-control (C2) server, is regarded to have been energetic considering the fact that at least 2014.

“XorDdos’ modular character offers attackers with a versatile trojan capable of infecting a wide range of Linux program architectures,” Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar Or of the Microsoft 365 Defender Exploration Team said in an exhaustive deep-dive of the malware.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Its SSH brute power attacks are a comparatively uncomplicated nevertheless powerful system for gaining root entry above a quantity of potential targets.”

Distant command about susceptible IoT and other internet-connected equipment is received by implies of protected shell (SSH) brute-power attacks, enabling the malware to form a botnet able of carrying dispersed denial-of-support (DDoS) attacks.

Besides getting compiled for ARM, x86, and x64 architectures, the malware is built to assist various Linux distributions, not to mention arrive with features to siphon delicate information, install a rootkit, and act as a vector for follow-on routines.

In latest years, XorDdos has focused unprotected Docker servers with uncovered ports (2375), making use of victimized methods to overwhelm a focus on network or provider with faux visitors in order to render it inaccessible.

CyberSecurity

XorDdos has since emerged as the prime Linux-qualified threat in 2021, in accordance to a report from CrowdStrike printed previously this January.

“XorDdos employs evasion and persistence mechanisms that allow for its functions to keep on being robust and stealthy,” the researchers mentioned.

“Its evasion abilities include things like obfuscating the malware’s actions, evading rule-based detection mechanisms and hash-based mostly malicious file lookup, as well as utilizing anti-forensic techniques to crack method tree-primarily based evaluation.”

Discovered this posting attention-grabbing? Comply with THN on Facebook, Twitter  and LinkedIn to read through additional exceptional content we submit.


Some components of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Modern “Smart” Farm Machinery Vulnerable to Cyber-Attackers
Next Post: 380K Kubernetes API Servers Exposed to Public Internet 380k kubernetes api servers exposed to public internet»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.