New Snapekit Rootkit Malware Targeting Arch Linux Users
A rootkit is a type of malicious software that is primarily designed to provide unauthorized access and control over a computer system while hiding its presence.
They can be difficult to detect and remove as they operate at a low level within the operating system.
Their hiding capabilities enable the threat actors to perform several illicit activities like manipulating system functions, stealing data, and deploying additional malware without detection.
Gen Threat Labs researchers recently discovered a new, sophisticated rootkit targeting Arch Linux, which they have dubbed “Snapekit.”
New Snapekit Rootkit Malware
Snapekit is a sophisticated and stealthy rootkit that was specifically engineered to target “Arch Linux” systems running version “6.10.2-arch1-1” on “x86_64 architecture.”
New #rootkit alert! We’ve discovered #Snapekit, a sophisticated rootkit targeting Arch Linux (6.10.2-arch1-1 x86_64). It hooks 21 syscalls, hides its payload, and evades detection by dropping in user space while dodging analysis tools & debuggers. Stay vigilant! #ThreatIntel… pic.twitter.com/DEPjjcHKHA
— Gen Threat Labs (@GenThreatLabs) October 2, 2024
This advanced malware manipulates the system by “hooking” (intercepting and modifying) “21 different system calls,” which are basic communications between programs and the “kernel” of the operating system.
To maintain stealth, Snapekit employs a “user-space dropper” (the component that deploys the rootkit) that actively scans for and evades common security analysis tools and debuggers such as “Cuckoo Sandbox,” “JoeSandbox,” “Hybrid-Analysis,” “Frida” (a dynamic instrumentation toolkit), “Ghidra” (NSA’s reverse engineering tool), and “IDA Pro” (Interactive Disassembler).
When any of these analysis tools are detected, Snapekit intelligently alters its behavior to avoid detection.
This helps the rootkit to hide its malicious payload while operating entirely within the user space rather than the more closely monitored kernel space, which makes it challenging to “detect” and “analyze.”
The advanced malware dropper demonstrates sophisticated anti-analysis capabilities by implementing “PTrace” (‘Process Trace’) detection mechanisms, which actively identify and flag any debugging attempts made against it.
This check is combined with “multiple layers” of evasion techniques, which make the dropper resistant both to “automated analysis tools” (such as “sandboxes” and “virtual machines”) and to “manual reverse engineering” efforts by security researchers.
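The ptrace-based debugger detection described above, shown here as an added illustration for analysts and not as Snapekit’s own code (which has not been published): on Linux, the kernel records the PID of any tracer in the TracerPid field of /proc/self/status, and a check of this kind is one of the first things an analyst attaching a debugger should expect to trip. The sample status text and the helper names are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Snapekit's code. A Linux process can learn whether it is
 * being traced from the TracerPid line the kernel writes into
 * /proc/self/status (0 means no tracer). Knowing the exact check lets an
 * analyst anticipate which file reads or syscalls to intercept in the
 * sandbox before the dropper changes behaviour. */

/* Parse the TracerPid value out of the text of a /proc/<pid>/status file.
 * Returns the tracer's PID, 0 when untraced, -1 if the field is missing. */
long parse_tracer_pid(const char *status_text)
{
    const char *key = "TracerPid:";
    const char *line = status_text;
    while (line && *line) {
        /* Only match the key at the start of a line. */
        if (strncmp(line, key, strlen(key)) == 0)
            return strtol(line + strlen(key), NULL, 10); /* skips the tab */
        line = strchr(line, '\n');
        if (line) line++;           /* advance past the newline */
    }
    return -1;
}

/* Read this process's own status file and report the tracer PID.
 * Returns -1 if /proc is unavailable (e.g. in a minimal container). */
long debugger_attached(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

int main(void)
{
    long tracer = debugger_attached();
    if (tracer > 0)
        printf("traced by pid %ld (this is what an anti-debug check flags)\n", tracer);
    else if (tracer == 0)
        printf("no tracer attached\n");
    else
        printf("could not read /proc/self/status\n");
    return 0;
}
```

Running the program under gdb or strace makes the first branch fire; running it plainly prints “no tracer attached”, which is the condition a dropper of this kind waits for.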
The creator of the malware, known as “Humzak711,” has indicated plans to release the complete “Snapekit” project as open-source code on the GitHub platform.
It’s a development that could have significant implications for both cybersecurity researchers and threat actors.
The malware’s defense mechanisms include “code obfuscation,” “anti-debugging routines,” and “runtime environment detection,” which make it a unique model in the current threat landscape.
Security researchers are advised to prepare comprehensive analysis environments with “advanced sandboxing tools,” “debugger bypass techniques,” and “collaborative analysis frameworks” to effectively analyze this threat when it becomes available.
The post New Snapekit Rootkit Malware Targeting Arch Linux Users appeared first on Cyber Security News.