Recent findings reveal that a significant number of Linux systems have fallen victim to a stealthy malware variant, which is particularly alarming due to its ability to exploit numerous misconfigurations and engage in various malicious activities. This information was disclosed by researchers on Thursday.
This malware has been active since at least 2021 and can infiltrate systems by taking advantage of over 20,000 prevalent misconfigurations. This extensive capability suggests that millions of Internet-connected devices could be at risk. Researchers from Aqua Security highlighted that the malware also targets CVE-2023-33426, a critical vulnerability rated 10 out of 10 for severity, which was addressed last year in Apache RocketMQ—a widely used messaging and streaming platform on many Linux servers.
The Rise of Perfctl
The malware has been dubbed “Perfctl,” after a component that clandestinely mines cryptocurrency. Its developers formed the name by combining “perf,” the Linux performance monitoring tool, with “ctl,” an abbreviation frequently used in command-line utilities. A distinctive feature of Perfctl is its use of process and file names that closely resemble those typically found in Linux environments. This naming strategy is one of several tactics the malware uses to evade detection by users of the systems it has compromised.
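A defender-side check for the naming tactic described above, as an added example that is not from the article or from Aqua Security's research: it flags processes whose name matches or closely resembles a familiar utility while the binary runs from outside standard system directories. The name list, directory list, similarity cutoff and sample records are assumptions constructed for illustration.

```python
import difflib
import os
import posixpath

# Assumptions for this example (not from the article): which names count as
# "familiar" and which directories legitimate system binaries live in.
KNOWN_NAMES = ("perf", "sshd", "cron", "systemd")
TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin", "/usr/lib", "/usr/libexec")


def in_trusted_dir(exe):
    path = posixpath.normpath(exe)  # collapse "../" tricks before comparing
    return any(path.startswith(d + "/") for d in TRUSTED_DIRS)


def find_masquerades(procs, cutoff=0.7):
    """Return (pid, name, exe, resembles) for processes whose name equals or
    closely resembles a known utility but whose binary is outside TRUSTED_DIRS."""
    hits = []
    for pid, name, exe in procs:
        if in_trusted_dir(exe):
            continue
        if name in KNOWN_NAMES:  # exact name, unexpected location
            hits.append((pid, name, exe, name))
            continue
        close = difflib.get_close_matches(name, KNOWN_NAMES, n=1, cutoff=cutoff)
        if close:  # lookalike name, unexpected location
            hits.append((pid, name, exe, close[0]))
    return hits


def live_processes():
    """Yield (pid, name, exe) from /proc; unreadable entries are skipped."""
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                name = fh.read().strip()
            exe = os.readlink(f"/proc/{entry}/exe")
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        yield int(entry), name, exe


# Constructed sample records: (pid, process name, executable path).
SAMPLE = [
    (101, "sshd", "/usr/sbin/sshd"),
    (202, "perfctl", "/tmp/.cache/perfctl"),
    (303, "cron", "/var/tmp/cron"),
    (404, "python3", "/home/dev/venv/bin/python3"),
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print(hit)
```

On a live host, pass `live_processes()` instead of `SAMPLE`; reading other users' `/proc/<pid>/exe` links requires root.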