Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.
A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said.
Researchers from The BlackBerry Research and Intelligence Team have been tracking the malware, the earliest detection of which is from November 2021, security researcher Joakim Kennedy wrote in a blog post on the BlackBerry Threat Vector Blog published last week.
Researchers have appropriately dubbed the malware—which apparently was written to target the financial sector in Latin America—”Symbiote.” In biology, the word means an organism that lives in symbiosis with another organism.
The name is an homage to how the malware operates, which is differently than other Linux malware that researchers have encountered, Kennedy explained.
“What makes Symbiote different … is that it needs to infect other running processes to inflict damage on infected machines,” he wrote. “Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running