Chinese state hackers target Linux systems with new malware
Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, which has links to a Chinese-sponsored hacking group and is being used in ongoing attacks targeting Linux systems.
The RedXOR malware samples found by Intezer were uploaded to VirusTotal (1, 2) from Taiwan and Indonesia (known targets for Chinese state hackers) and have low detection rates.
With its command-and-control servers still active, the Linux backdoor is being used in ongoing attacks targeting both Linux servers and endpoints.
RedXOR comes with a large set of capabilities, including executing commands with system privileges, managing files on infected Linux boxes, hiding its process using the Adore-ng open-source rootkit, proxying malicious traffic, remote updating, and more.
Source: BleepingComputer