Linux systems targeted with dangerous new Chinese malware


Security researchers have found a new, sophisticated backdoor that they believe is being used to target Linux endpoints and servers.

Dubbed RedXOR because of its peculiar XOR-based scheme for encoding network data, the previously undocumented backdoor was disclosed by two researchers at Intezer. Based on its Tactics, Techniques, and Procedures (TTPs), Intezer believes RedXOR is the work of high-profile Chinese threat actors.

“2020 set a record for new Linux malware families. New malware families targeting Linux systems are being discovered on a regular basis. Backdoors attributed to advanced threat actors are disclosed less frequently,” note the researchers while sharing details about RedXOR.

Active operation

Linux systems are under constant attack because Linux powers the majority of public cloud workloads, the researchers observe. This puts Linux in the crosshairs of all kinds of threat groups, and RedXOR is just one part of this trend.

"Some of the most prominent nation-state actors are incorporating offensive Linux capabilities into their arsenal and it's expected that both the number and sophistication of such attacks will increase over time," says a 2020 report by Intezer.

While investigating the backdoor, the researchers noticed that its Command and Control (C&C) server came online now and then, which led them to conclude that the backdoor is still in active use.

According to the researchers, samples of the malware were uploaded from Indonesia and Taiwan, which are among the usual targets of Chinese threat actors. They also noticed similarities between RedXOR and earlier malware from the known Chinese state-sponsored Winnti threat group.

During their analysis of the samples, the researchers found that they were compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, which suggests that RedXOR is designed to target legacy Linux systems.

Via: BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
