Wednesday, October 28, 2020

Beware! A New Linux Malware From Russian Hackers Is Stealing Data

The National Security Agency (NSA) and FBI have issued a warning against a new Linux malware dubbed “Drovorub” that is believed to have been developed by Russian military hackers.

According to a report based on data collected by the agencies, the Linux malware strain is the work of APT28, a notorious hacking group from military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The intention behind spreading the malware is espionage and stealing secrets from the public sector and IT companies.

Drovorub Linux Malware

Drovorub Linux malware, as per the two agencies, consists of an implant, a file transfer tool, a kernel module rootkit, a command and control server, and a port forwarding module. The report mentions that the malware is highly stealthy and can manage to stay undetected in machines owing to advanced rootkit technologies deployed by hackers. The stealthy capabilities of Drovorub Linux malware make it easy for hackers to target different types of platforms, initiating attacks at any time.

The report describes how each component of the Linux malware works. The components communicate with each other using JSON over WebSockets, and the traffic from the server module is encrypted using the RSA algorithm.

Figure: Drovorub Linux malware components (Source: NSA)

How to stay safe from Drovorub Linux Malware?

The NSA and FBI have listed a few precautionary measures that can be used to stay safe from the new strain of Linux malware:

  • Keep all Linux systems updated to kernel version 3.7 or later.
  • Systems must be configured to load modules with digital signatures.
  • Enable the UEFI Secure Boot verification mechanism.
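
One way to check a host against these three recommendations, as an added example that is not taken from the NSA/FBI report or from the original article. The function names are hypothetical; the sysfs and efivarfs paths are the standard Linux locations, and each check accepts an alternate file path so it can be run against collected evidence.

```shell
#!/bin/sh
# Added example: audit a Linux host against the three recommendations above.
# Function names are hypothetical; the paths are standard kernel interfaces.

# Succeed if a `uname -r` style string is at least MAJOR.MINOR.
kernel_at_least() {
    ver=${1%%[!0-9.]*}            # "5.4.0-42-generic" -> "5.4.0"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Does the running kernel refuse to load unsigned modules?
# The parameter reads "Y" when signature enforcement is active.
module_sig_state() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    [ -r "$f" ] || { echo unavailable; return 0; }
    case "$(cat "$f")" in Y*|1*) echo enforced ;; *) echo not-enforced ;; esac
}

# Read the UEFI SecureBoot variable exposed through efivarfs.
secure_boot_state() {
    f=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    [ -r "$f" ] || { echo unknown; return 0; }
    # efivarfs prepends 4 attribute bytes; the 5th byte is the value.
    b=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case "$b" in 1) echo enabled ;; 0) echo disabled ;; *) echo unknown ;; esac
}

# Print one line per recommendation for this host (or a given kernel string).
drovorub_hardening_report() {
    k=${1:-$(uname -r)}
    if kernel_at_least "$k" 3 7; then
        echo "kernel $k: OK (3.7 or later)"
    else
        echo "kernel $k: FAIL (older than 3.7 or unparsable)"
    fi
    echo "module signature enforcement: $(module_sig_state)"
    echo "UEFI Secure Boot: $(secure_boot_state)"
}

drovorub_hardening_report
```

On a system booted in legacy BIOS mode the SecureBoot variable is absent, so the last check reports `unknown`.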
