Linux systems are being hit by a wide-ranging and dangerous new malware
Perfctl is a newly-discovered and unfortunately capable malware strain
Linux systems are being targeted by a dangerous new malware that can serve as a loader, a proxy, and a cryptocurrency miner.
Called Perfctl, the malware was recently spotted by cybersecurity researchers from Aqua Security, who claim it has been around since at least 2021, and has so far infected thousands of Linux endpoints. There are two main ways threat actors deploy Perfctl - either by exploiting thousands of possible misconfigurations, or by abusing a 10/10 vulnerability discovered last year.
Misconfigurations can be pretty much anything, from weak passwords to anything else. As for the vulnerabilities, the researchers saw CVE-2023-33426 being abused. This is an out-of-bounds read flaw with a severity score of 10/10, found in the messaging and streaming platform Apache RocketMQ.
Proxy and loader
Once the malware is deployed, it goes the extra mile to remain hidden, and persistent, leaving users Reddit complaining they were unable to remove the malware from their devices, even after deleting multiple components.
When it works, Perfctl can do a number of things. Its most prominent feature seems to be mining cryptocurrency for the attackers. However, it can also serve as a proxy for a commercial service, with other crooks paying to have their traffic routed through these devices and thus anonymized. Finally, the malware can serve as a loader, to deploy other programs as necessary.
So far, the researchers have not determined who is behind the attack, or what their end goal is. They added that while the number of infected devices is in the thousands, the number of potential targets is in the millions - suggesting that Linux system operators should be on the lookout for potential indicators of compromise.
Via Ars Technica
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- This sneaky Linux malware went undetected for years, and is using all-new attack tactics
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.