
Security Researchers Discover Linux Version of Winnti Malware

By ZDNet

May 22, 2019



Security researchers discovered a Linux version of Winnti, malware used by Chinese government-sponsored hackers, which operates as a backdoor on compromised hosts.

Researchers at Alphabet's cybersecurity unit Chronicle found Winnti malware on the Bayer drug company's systems after Bayer was attacked by Chinese hackers.

The researchers detected the Linux variant when scanning for Winnti on Chronicle's VirusTotal platform. Its components include a rootkit element that conceals the malware on infected hosts, and the backdoor trojan itself.

The variant's code resembled the Winnti 2.0 Windows version, and it handled outbound communications with its command-and-control (C&C) server in a similar way.

Moreover, the Linux iteration enabled Chinese hackers to connect to infected hosts while bypassing C&C servers.

From ZDNet

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
