Advanced Linux Malware Makes a Comeback

Advanced Linux MalwareLinux has an excellent reputation as an operating system, promising great stability, reliability, and, until recently, security.

Unfortunately, advanced malware targeting Linux users is experiencing a sudden resurgence. Recent reports show that in the first half of 2022, over 1.7 million malware variants were recorded, an increase rate of over 650% from the previous year.

Worse, the malware targeting Linux is becoming more sophisticated and undetectable, highlighting the need for users to be extra vigilant and amp up their security systems.

This article will explore some of the latest forms of malware every Linux user should be aware of. It will also highlight various ways to protect yourself from these and other threats moving forward.

Firstly, what advanced malware should you be aware of?

Let’s look at recent malware discoveries to understand why Linux machines are under such threats. Below are three different forms of advanced malware that have been modified to target Linux systems. They include:

New BPFDoor version

Discovered in 2022, BPFDoor is a sophisticated malware designed to establish ‘persistent remote access’ to compromised environments. By doing this, hackers can analyze and filter traffic in Linux systems for lengthy periods. Its ability to remain hidden makes BPFDoor both highly advanced and a significant threat.

Recently, Deep Instinct’s threat lab observed a new BPFDoor variant that is even more difficult to detect. This malware ignores several operating system alerts to avoid being removed, earning itself the nickname of the ‘stealthier’ variant.

Additionally, it incorporates static library encryption and employs reverse shell communication, rendering firewalls almost useless. Evidence suggests that the malware may have been operating for many years before its detection.

Administrators are advised to monitor network traffic and logs ‘rigorously’ to protect themselves and ensure adequate end-point protections are in place.

Operation DreamJob

Earlier this year, ESET Research uncovered an elaborate malware attack from the Lazarus Campaign, entitled ‘Operation DreamJob.’ It is a supply-chain attack focused on 3CX technology, a service companies use for VoIP communication.

It’s estimated that over 12 million users actively use 3CX, split mainly across three core industries: hospitality, healthcare, and aerospace. The Lazarus Campaign used social engineering attacks on the networking site LinkedIn, offering fake jobs to victims to compromise their devices. It’s thought the primary delivery method was through direct messages.

The malware is named with a special unicode to disguise it as a PDF file. In reality, it is an executable file that, once opened, downloads second-stage malware. All the while, decoy fake PDFs appear on screen to keep the presence of malware a secret.

Abyss Locker ransomware

Leaked Babuk source code from 2021 is thought to be responsible for an influx of advanced ransomware targeting Linux systems. This leaked code is now being adopted by smaller hacker groups, who previously could not mount successful attacks on Linux users because of a lack of experience or resources.

The new attack uses the ‘esxcli’ command-line management tool to terminate any discovered virtual machines. It then encrypts virtual disks, metadata, and snapshots, creating subsequent ransom notes for every file.

While the origins of this ransomware are still unclear, it does bring to the forefront the threat of older source code becoming devastating when manipulated by modern-day hacker groups.

3 Ways to protect yourself from Linux malware

As sophisticated as these threats may seem, there are simple ways to protect yourself. Below are three tips that can help improve your malware protection and keep you safe from emerging threats.

1.    Invest in proper anti-malware software

Despite Linux’s built-in protections, anti-malware software is tailor-made to monitor and scan your device, patch vulnerabilities, and remove emerging threats before they cause damage.

The best anti-malware software will have signature-based detection, which uses a database of known threats to monitor your system effectively. It should also have sandboxing, which isolates a space within your Linux machine to perform file executions safely.

2.    Practice better cyber hygiene

A simple but often overlooked way to avoid malware infection is by improving your cyber hygiene, i.e., using the internet safely.

These five simple changes in your behavior can make all the difference:

  1. Use stronger, unique passwords for all of your work and social accounts.
  2. Schedule routine scans of all devices to detect and remove threats.
  3. Regularly update your operating system, software, and plugins.
  4. Avoid clicking on suspicious websites and advertisements.
  5. Never download files or attachments from unknown, unverified sources.

3.    Use a virtual private network (VPN)

A VPN is an effective cybersecurity tool for Linux systems. It encrypts all internet traffic, preventing hackers from eavesdropping on your online activity. This allows you to work on sensitive work files with total peace of mind.

Best of all, many VPN providers offer advanced security tools, like ad and tracking blockers, that can help to keep your machine free from other emerging cyber threats.