A new Linux (opens in new tab) malware has been discovered that is capable of avoiding detection by antivirus programs, steals sensitive data from compromised endpoints (opens in new tab) and infects all processes running on a device.
Cybersecurity researchers from Intezer Labs say the malware (opens in new tab), dubbed OrBit, modifies the LD_PRELOAD environment variable, allowing it to hijack shared libraries and, consequently, intercept function calls.
“The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands,” Intezer Labs researcher Nicole Fishbein explained.
Hiding in plain sight
“Once the malware is installed it will infect all of the running processes, including new processes, that are running on the machine.”
Up until only recently, most antivirus solutions did not treat OrBit dropper, or payload, as malicious, the researchers said but added that now, some anti-malware service providers do identify OrBit as malicious.
“This malware steals in