A new piece of malware developed in China focuses mainly on systems and servers running Linux. It hides itself from monitoring systems and security software and creates a backdoor on these platforms, which criminals can remotely turn on or off. To learn how to protect yourself from this new malware, check out the full article!

What is this new malware all about?

According to researchers at Avast Security Network, this malware is still in development. It has been used to attack Linux infrastructure and systems. According to investigations, its development is linked to a Chinese threat group: APT31, or Zirconium. The aim was to deliver a backdoor known as Rekoobe.

Syslogk, that is, the event logging system (messages about events occurring in the system), is said to be based on exploitation tools that are still under development. As a result, different operating system kernels continue to be affected as the exploit and stealth capabilities of this malware are expanded.

The first records of this virus came from an SMTP email server. Criminals created these emails so that the malware could be installed on victims' machines. According to the research, the virus tends to remain dormant on the system until it is activated by receiving data streams.

They use special formats to activate resources, without necessarily needing commands to gain access to the machine. In this case, Rekoobe is activated from Syslogk, which can be used to deactivate the backdoor as well as to completely remove contaminated systems.

This makes the threat show up on the system very discreetly, appearing to be legitimate processes. By the time the administrator notices the danger, it is already too late and the damage is already being done.