fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Linux Malware Uses Open-source Tool To Evade Detection

Linux Malware Uses Open-source Tool To Evade Detection

AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-mining with open-source detection evasion capabilities.

TeamTNT is mostly known for targeting and compromising Internet-exposed Docker instances for unauthorized Monero (XMR) mining.

However, the group has also shifted tactics by updating its Linux cryptojacking malware named Black-T to also harvest user credentials from infected servers.

TeamTNT now further upgraded their malware to evade detection after infecting and deploying malicious coinminer payloads on Linux devices.

Hiding in plain sight

“The group is using a new detection evasion tool, copied from open source repositories,” AT&T Alien Labs security researcher Ofer Caspi says in a report published today.

Also Read: Key PDPA Amendments 2019/2020 You Should Know

This tool is known as libprocesshider and is an open-source tool available on Github that can be used to hide any Linux process with the help of the ld preloader.

“The objective of the new tool is to hide the malicious process from process information programs such as `ps` and `lsof`, effectively acting as a defense evasion technique,” Caspi added.

The detection evasion tool is deployed on infected systems as a base64 encoded bash script embedded within the TeamTNT ircbot or cryptominer binary.

Decoded process hiding script (AT&T Alien Labs)

Once the script gets launched on a compromised machine, it will execute a series of tasks that will allow it to:

  • Modify the network DNS configuration.
  • Set persistence through systemd.
  • Drop and activate the new tool as service.
  • Download the latest IRC bot configuration.
  • Clear evidence of activities to complicate potential defender actions.

After going through all the steps, the Black-T malware will also automatically erase all malicious activity traces by deleting the system’s bash history.

“Through the use of libprocesshider, TeamTNT once again expands their capabilities based on the available open source tools,” Caspi concluded.

“While the new functionality of libprocesshider is to evade detection and other basic functions, it acts as an indicator to consider when hunting for malicious activity on the host level.”

Botnet upgrades

The crypto-mining botnet was first spotted in May 2020 by MalwareHunterTeam and later analyzed by Trend Micro who discovered its Docker targeting affinity.

After the malware infects a misconfigured server, it will deploy itself in new containers and drop a malicious payload binary that starts mining for Monero (XMR) cryptocurrency.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

In August, Cado Security spotted TeamTNT worm’s new AWS credentials harvesting feature, making it the first cryptojacking botnet with this capability.

One month later, the malware was observed by Intezer while deploying the legitimate Weave Scope open-source tool to take control of victims’ Docker, Kubernetes, Distributed Cloud Operating System (DC/OS), or AWS Elastic Compute Cloud (ECS) cloud infrastructure.

Earlier this month, TeamTNT started using the open-source Ezuri crypter and memory loader to make their malware virtually undetectable by antivirus products.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us