• Kickass Women@lemmy.world
    1 year ago

    Should Linux users install antivirus/anti-malware software like Windows users?

    How should Linux users protect themselves from threats like this?

    • rastilin@kbin.social
      1 year ago

      I think the fundamental protection is always going to be the firewall that blocks all incoming connections unless you explicitly open a port for a running server.

      It’s frustrating that the article doesn’t have much information about the delivery method for this attack. Is it a remote connection, or do you have to run it locally and it escalates privileges?

  • girsaysdoom@sh.itjust.works
    1 year ago

    Here’s a link to the actual Trend Micro article: https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html.

    Not sure why this article linked the version from 2 years ago.

    Also an article with more info: https://www.bleepingcomputer.com/news/security/new-sprysocks-linux-malware-used-in-cyber-espionage-attacks/.

    Edit:

    My understanding of these articles is that there is a hacking group that is targeting public-facing servers that are exploitable using other methods and utilizing this SprySOCKS software to create an opening for them to remotely access the server. If that’s the case, then this shouldn’t affect most Linux desktops or isolated systems. Let me know if anyone has more info.

      • girsaysdoom@sh.itjust.works
        1 year ago

        The originally posted article looks like it linked to the older version of this malware. I just linked the newer version of the report from yesterday that I found through a different article.

  • AutoTL;DR@lemmings.world
    1 year ago

    This is the best summary I could come up with:


    Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

    In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021.

    The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation.

    The Trend Micro researchers eventually named their discovery SprySOCKS, with “spry” denoting its swift behavior and the added SOCKS component.

    Besides showing interest in espionage activities, Earth Lusca seems financially motivated, with sights set on gambling and cryptocurrency companies.

    Monday’s Trend Micro report provides IP addresses, file hashes, and other evidence that people can use to determine if they’ve been compromised.


    The original article contains 537 words, the summary contains 143 words. Saved 73%. I’m a bot and I’m open source!

  • Lmaydev@programming.dev
    1 year ago

    Their search turned up a version of the malware with the release number 1.1. The version Trend Micro found was 1.3.6. The multiple versions suggest that the backdoor is currently under development.

    They version better than I do at work.

  • Lucidlethargy@sh.itjust.works
    1 year ago

    Thank goodness I’m on Windows.

    Just kidding, I know that triggers Lemmy, lol. I actually like Linux a lot, even though I only use it in Docker right now.