A new piece of malware affecting Linux systems, called Lightning Network, has recently been identified. It can be used to backdoor devices over SSH and install various rootkits. It is a modular malware that offers both active and passive capabilities for communicating with the person or group that launched the attack.
Lightning Network consists of two main modules, Lightning.Downloader and Lightning.Core. It opens SSH on an infected machine and can perform various operations, including ones received from outside. Lightning.Downloader downloads and installs modules and plugins, while Lightning.Core is the main module that receives commands from the command-and-control (C2) server and executes plugins. To evade security checks on targeted machines, the framework uses typosquatting, masquerading as Seahorse, GNOME's password and encryption key manager.
Given the dangerous nature of this malware, which can act as a backdoor and is a serious security threat, we recommend that you be especially careful and install a reliable anti-malware solution.
Yesterday we also reported that the patches for Retbleed, a vulnerability that affects Intel processors from Skylake to Coffee Lake and AMD processors from Zen to Zen 2, are already implemented in the 5.19 kernel but will not be integrated into the 32-bit kernel, leaving all processors that use it vulnerable to attack. For more details, we suggest you read our previous dedicated article.