Symbiote: Undetectable Linux Malware?

Is this something we should be concerned about? https://www.infosecurity-magazine.com/news/linux-malware-symbiote/

What are you using to protect against malware?

2 Likes

I prefer a hardware firewall

13 Likes

Half measures!!!

2 Likes

None of the sources I see say anything about how you actually catch it, and it sounds like it needs to be root to do its Houdini stuff.

So it’s business as usual: don’t install from untrusted repos or sources.

Am I missing a perfectly good reason to indulge in some refreshing panic here?

3 Likes

The so called “common sense”. Whatever that is :thinking: :wink:

Despite only publishing their research this week, the team said it first detected the malware in November 2021 across various financial institutions in Latin America.

Did they all sudo the malware into their systems? I am more curious how it got into those bank systems.

2 Likes

  1. Don’t be root when you don’t have to be.
  2. Don’t install software from sketchy sources.

4 Likes

Since it’s almost impossible to detect, as they say, and the ways it can end up inside your system are countless (including supply chain attacks), none of those ways would currently help, except cutting the wire :rofl:

Oh bobbins!

uBlock Origin and uMatrix to block JavaScript

1 Like

That’s why I never used antimalware. I once had the Sophos end-to-end, but they have discontinued the Linux version.

Panic and caution are at different ends of the scale.

Only UFW + reading every PKGBUILD before installing it. Also all mitigations are disabled. I should have bigger concerns though because dual boot :sweat_smile:

2 Likes

That’s a given, but good advice nevertheless.

https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat Under evasion techniques.

I meant catch as in “catch a cold”, not as in “catch a thief” :wink:

1 Like

I’m not technical, but does that Blackberry report explain how it actually gets inside the system?

I may be missing something (I’m at work), but I don’t see it in that article (or the others my earlier cursory search revealed). It’s all about what happens once it’s in.

Once the malware has infected a machine
Once it has infected all the running processes, [sophisticated things about how it evades detection]

In my analogy it’s the equivalent of “once inside the cell, the common cold virus sends its mRNA into the ribosomes to blah blah”.

I’m more looking for the more prosaic “you tend to catch it by sitting near people who sneeze a lot, via airborne droplets; 60% of people are infected in January”.

4 Likes

FUD always makes a good story for the online media. What are they targeting here? Make backups. :man_shrugging:

Well, I just installed the uMatrix extension.