Linux devices hit with even more new malware, this time from Chinese hackers


  • ESET discovers a new piece of malware called WolfsBane
  • This malware features a dropper, a launcher, and a backdoor
  • It is being used by a group known as Gelsemium

Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers ESET has said.

The WolfsBane malware features a dropper, a launcher, a backdoor, and a modified open-source rootkit for detection evasion. While not completely outlandish, the approach is rather unconventional, since most hacking groups will develop just one of these components and use other people’s solutions for the rest.

That being said, WolfsBane’s key ability is to grant its operators total control over the compromised system. It can execute commands coming in from the C2 server, exfiltrate data, and ultimately manipulate the system.

Gelsemium is active

ESET doesn’t know for certain how the attackers accessed the target systems to deploy the malware in the first place, but assesses “with medium confidence” that the group exploited an unknown web application vulnerability.

The group, in this instance, is called Gelsemium, suggesting that it has at least one herbalist in its ranks. It is a relatively well-known Chinese group, active since at least 2014. It mostly targets government institutions, educational organizations, electronics manufacturers, and religious institutions. The majority of its victims are located in East Asia and the Middle East.

ESET also suggests that the group decided to target Linux since Windows’ defenses have been getting better lately.

“The trend of APT groups focusing on Linux malware is becoming more noticeable,” ESET said.

“We believe this shift is due to improvements in Windows email and endpoint security, such as the widespread use of endpoint detection and response (EDR) tools and Microsoft's decision to disable Visual Basic for Applications (VBA) macros by default. Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux."

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
