Linux Hacked By a Hacker

A newly discovered Linux malware strain has been observed attacking and infecting an SSH server honeypot. Dubbed Chalubo, this new Denial of Service (DoS) bot is used by the bad actors to perform large-scale Distributed Denial of Service (DDoS) attacks.

As Sophos's Timothy Easton discovered, the actors behind the Chalubo bot use code from both the Xor.DDoS and Mirai malware families, and they encrypt the bot with the ChaCha stream cipher.

This type of obfuscation technique is designed to obstruct analysis. It is a common trait of malware developed for the Windows platform but is very rarely seen in malicious tools for Linux.

Sophos initially observed the Chalubo botnet in action at the end of August 2018, when the attackers were using a three-component propagation method (i.e., a downloader, the bot, and a command script).

