Pages

Saturday, 25 July 2015

Cyber ​​Spies Added Linux Support To Allow Malware



A group of cyber spies who is held responsible for attacks on the Belgian government , the White House and a variety of other businesses , government agencies and institutions in Europe and the United States has developed new malware that also features Linux support.

The group is "Duke" and has been active for several years. Recently, a new instance of malware from the group discovered called "Seaduke". It is a Trojan designed to steal information and will be used against a small number of valuable objectives.According to both Symantec and Palo Alto Networks involves highly sophisticated malware.

Linux

Finland's F-Secure analyzed the malware and also saw that the Trojan is written in Python and supports both Windows and Linux. According to the virus fighter Seaduke is the first "cross-platform" malware of the Duke group. The first thing is to use the popular scripting language Python. Earlier malware cyber spies were written in the programming languages ​​C and C ++. In addition, the Python code for both Windows and Linux proves to be developed. "We therefore suspect that the Duke group same Python code Seaduke used to attack Linux users," says researcher Artturi Lehtiö.

Lehtiö leaves in front Security.NL know that there are no attacks against Linux users in the "wild" are found. "But it is safe to assume that they have added Linux support to the use," he notes. The question remains how Linux users would be attacked.The Duke group, for example, used a funny movie monkeys to attack Windows users, which in reality was an exe file. There are PDF documents containing exploits for vulnerabilities in Adobe Reader used to infect computers with malware.

Adding Linux support to malware is not new. Earlier this year it was discovered another group of cyber spies who had done this. The group decided to use social engineering to infect Linux users. Attacked users received a rogue HTML5 plugin offered which turned out to be in reality spyware.

No comments:

Post a Comment