The discovery of Linux backdoor malware is unusual as it uses stealth techniques that have not been seen before. This malware is extremely hard to detect as it does a very efficient job of cleaning the infected systems of any traces of it’s operations. Once infected the malware gives high levels of access to the threat actors, including collecting credentials and exfiltrating the data.
Researchers from The BlackBerry Threat Research & Intelligence Team and Intezer have named the malware Symbiote due to the way it infiltrates a machine by infecting running processes rather than being a detectable standalone executable file.
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat (intezer.com)
The report goes into detail about the operation, stealth and attack process of the malware and includes details of the infected processes and other indicators of infection.
Further Reading
Summary of Symbiote Research (A New, Nearly-Impossible-to-Detect Linux Threat) – Intezer
New ultra-stealthy Linux backdoor isn’t your everyday malware discovery | Ars Technica
