This new Linux malware is 'almost impossible' to detect


A joint research effort has led to the discovery of Symbiote, a new form of Linux malware that is “almost impossible” to detect. 

On Thursday, researchers from BlackBerry Threat Research & Intelligence team, together with Intezer security researcher Joakim Kennedy, published a blog post on the malware – dubbed Symbiote because of its “parasitic nature.”

The team discovered Symbiote several months ago. Rather than trying to compromise individual running processes, as typical Linux malware does, Symbiote acts as a shared object (SO) library that is loaded into every running process via LD_PRELOAD. 
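Because LD_PRELOAD injection leaves plain-text traces, a defender can look for it without any malware-specific signature. The script below is an added example, not code from the article or from the BlackBerry/Intezer researchers: it parses the two places a preloaded library shows up on Linux (the LD_PRELOAD variable in /proc/<pid>/environ and the system-wide /etc/ld.so.preload file) and flags libraries that are not on a site allowlist or that live in writable scratch directories. The allowlist entry and the sample data are constructed assumptions, and the library name libexample.so is a placeholder, not a Symbiote indicator.

```python
#!/usr/bin/env python3
"""Spot LD_PRELOAD-style shared-object injection from the defender's side.

Two places a preloaded .so shows up on Linux:
  * the LD_PRELOAD variable in a process's environment (/proc/<pid>/environ)
  * the system-wide /etc/ld.so.preload file, read by the dynamic loader
Both are plain data, so the parsers below run offline on constructed input;
scan_proc() applies them to the live /proc tree when run as a script.
"""
import os
import re
from typing import Dict, List

# Libraries this site legitimately preloads (assumption: adjust per environment).
ALLOWED_PRELOADS = {"/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"}

# Writable scratch locations where a legitimate preload library should never live.
SCRATCH_PREFIXES = ("/tmp/", "/dev/shm/", "/var/tmp/", "/run/user/")


def parse_environ(raw: bytes) -> Dict[str, str]:
    """Parse the NUL-separated KEY=VALUE block found in /proc/<pid>/environ."""
    env: Dict[str, str] = {}
    for entry in raw.split(b"\0"):
        if b"=" in entry:
            key, _, value = entry.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def preload_entries(value: str) -> List[str]:
    """Split an LD_PRELOAD value; the glibc loader accepts ':' and whitespace separators."""
    return [p for p in re.split(r"[:\s]+", value.strip()) if p]


def parse_ld_so_preload(text: str) -> List[str]:
    """Return library paths listed in /etc/ld.so.preload, ignoring blanks and '#' comments."""
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.extend(preload_entries(line))
    return libs


def suspicious_preloads(libs: List[str]) -> List[str]:
    """Keep preloads that are not allowlisted or that live in a scratch directory."""
    flagged = []
    for lib in libs:
        if lib not in ALLOWED_PRELOADS or lib.startswith(SCRATCH_PREFIXES):
            flagged.append(lib)
    return flagged


def scan_proc(proc_root: str = "/proc") -> Dict[str, List[str]]:
    """Walk /proc on a live host; returns {pid: [flagged libs]} for processes with LD_PRELOAD set."""
    findings: Dict[str, List[str]] = {}
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                env = parse_environ(fh.read())
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # process exited, or we lack permission to read its environment
        flagged = suspicious_preloads(preload_entries(env.get("LD_PRELOAD", "")))
        if flagged:
            findings[pid] = flagged
    return findings


# Constructed sample data (not captured from Symbiote): one clean process, one with a
# preload under /dev/shm, and an ld.so.preload file that also names that library.
SAMPLE_ENVIRON_CLEAN = b"PATH=/usr/bin\0HOME=/root\0LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2\0"
SAMPLE_ENVIRON_BAD = b"PATH=/usr/bin\0LD_PRELOAD=/dev/shm/libexample.so:/usr/lib/x86_64-linux-gnu/libjemalloc.so.2\0"
SAMPLE_LD_SO_PRELOAD = "# system preloads\n/dev/shm/libexample.so\n"


def demo() -> Dict[str, List[str]]:
    """Run the parsers over the constructed samples and return what each one flags."""
    return {
        "clean": suspicious_preloads(preload_entries(parse_environ(SAMPLE_ENVIRON_CLEAN).get("LD_PRELOAD", ""))),
        "bad": suspicious_preloads(preload_entries(parse_environ(SAMPLE_ENVIRON_BAD).get("LD_PRELOAD", ""))),
        "ld_so_preload": suspicious_preloads(parse_ld_so_preload(SAMPLE_LD_SO_PRELOAD)),
    }


if __name__ == "__main__":
    for name, libs in demo().items():
        print(f"{name}: {libs}")
    if os.path.isdir("/proc"):
        print("live /proc findings:", scan_proc())
```

Reading other processes' environ requires root (or the same UID), so run the live scan with sufficient privilege; a process whose environment is readable but whose preload was set through /etc/ld.so.preload will not show LD_PRELOAD at all, which is why the file is checked separately. A library that hooks the libc calls used to read /proc can in principle hide from a scanner running on the same host, so a check from outside the compromised userland (a rescue boot, or a forensic image) is the stronger form of this test.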


The shared object library “parasitically” compromises a target machine, the researchers say, and once its claws are deeply embedded in the system, the malware provides attackers with rootkit functionality. 

The first sample dates from November 2021 and appears to have been developed to target financial institutions in Latin America. However, as the malware is new and very evasive, the researchers aren’t sure if Symbiote is being used in targeted or broad attacks, if at all. 

Symbiote has several interesting features. For example, the malware uses Berkeley Packet Filter (BPF) hooking, a

Read More: https://www.zdnet.com/article/this-new-linux-malware-is-almost-impossible-to-detect/#ftag=RSSbaffb68