New “Lightning Framework” malware targets Linux systems, installs rootkits
Image courtesy:Malware News
On Thursday, a new and previously unrevealed malware called “Lightning Framework” targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits.
Lightning Framework is a modular malware that also comes with the support for plugins.
“The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” said Intezer security researcher Ryan Robinson as per Bleeping Computer.
The malware still hasn’t been spotted in the Wild, and some of its components (referenced in the source code) are yet to be discovered and analyzed.
According to Bleeping Computer, Lightning Framework is developed by using a simple structure: a downloader component that will download and install the malware’s other modules and plugins, including its core module, on compromised Linux devices.
The malware uses typosquatting and will pretend as the Seahorse GNOME password and encryption key manager to avoid detection on infected systems.
“After reaching out to its command-and-control (C2) server over TCP sockets using C2 info stored in undetectable polymorphic encoded configuration files, Lightning Framework fetches its plugins and the core module,” a source as per Bleeping Computer.
