Security researchers discovered a Linux version of Winnti, a malware family used by Chinese government-sponsored hackers, which operates as a backdoor on compromised hosts.
Researchers at Alphabet's cybersecurity unit Chronicle found Winnti malware on the Bayer drug company's systems after Bayer was attacked by Chinese hackers.
The researchers detected the Linux variant while scanning for Winnti samples on Chronicle's VirusTotal platform. Its components include a rootkit element that conceals the malware on infected hosts, and the backdoor trojan itself.
The variant's code resembles the Winnti 2.0 Windows version and handles outbound communications with its command-and-control (C&C) server in a similar way.
Moreover, the Linux iteration lets the Chinese hackers connect to infected hosts directly, without going through the C&C servers.
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA