Lazarus Group Targets Linux With New Malware

Enterprise & IT | Dec 18, 2019

North Korea’s state-backed hacking group Lazarus Group, the authors of 2017’s WannaCry ransomware attack, has launched a new Remote Access Trojan (RAT) called Dacls that affects both Windows and Linux devices.

Spotted by researchers at Qihoo 360 Netlab, Dacls is the first Linux malware attributed to the Lazarus Group, which had previously targeted only Windows and macOS devices.

At first glance, Dacls seemed to be just another run-of-the-mill botnet, but the security researchers soon realized that it was something with a potential link to the Lazarus Group.

At present, the industry has not disclosed any Lazarus Group attack samples or cases against the Linux platform. The researchers found that the botnet was a fully functional, covert RAT program targeting both Windows and Linux platforms, and that the samples share some key characteristics used by the Lazarus Group.

Therefore, they speculate that the attacker behind Dacls RAT is Lazarus Group.

Currently the sample is flagged on VirusTotal by 26 antivirus vendors with fairly generic malware tags, and there is no relevant analysis report.

Dacls, named after its file names and hard-coded strings (Win32.Dacls and Linux.Dacls), is a new type of remote-control software.

The malware secures its command and control communication channels using TLS and RC4 double-layer encryption. It deploys the AES encryption technique to encrypt its configuration files.

Its functions are modular: the C2 protocol uses TLS and RC4 double-layer encryption, the configuration file is AES-encrypted, and the bot supports dynamic updating of C2 instructions. Win32.Dacls plug-in modules are loaded dynamically from a remote URL, while the Linux version compiles its plug-ins directly into the bot program.

The researchers found a series of samples on a suspected download server, http://www.areac-agr.com/cms/wp-content/uploads/2015/12/, including Win32.Dacls, Linux.Dacls, the open-source program Socat, and a working payload for the Confluence vulnerability CVE-2019-3396.

The function of the sample the researchers found is simple. It collects information from the target host according to parameters passed to its log-collecting routine: it skips certain specified root and second-level directories and writes the retrieved file paths to /tmp/hdv.log.

When that work is done, it runs the system tar command to compress the log file (tar -cvzf /tmp/hdv.rm /tmp/hdv.log) and uploads the archive to the specified log-collecting interface.

The main functions of the Linux.Dacls bot include command execution, file management, process management, network access testing, C2 connection proxying, and a network scanning module.
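The host and network artifacts described above (the /tmp/hdv.log staging file, the tar -cvzf /tmp/hdv.rm /tmp/hdv.log compress step, and the suspected download-server path) are concrete enough to hunt for. The following is an added defender-side example, not code from the article or from Netlab: it rebuilds argv from auditd EXECVE records, including auditd's hex-encoded arguments, matches the tar step regardless of short-flag order, and checks proxy lines for the download-server prefix. The log lines are constructed samples, and the label strings and the file name "sample.bin" are assumptions.

```python
import re
# Indicators from the article: the Dacls staging file, its tar archive, and the download-server path.
HDV_LOG = "/tmp/hdv.log"
HDV_ARCHIVE = "/tmp/hdv.rm"
DOWNLOAD_PREFIX = "http://www.areac-agr.com/cms/wp-content/uploads/2015/12/"

# auditd quotes plain arguments (a0="tar") and hex-encodes ones with spaces or odd bytes.
_ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')

def parse_execve_args(record):
    """Rebuild argv from one auditd EXECVE record, decoding hex-encoded arguments."""
    args = {}
    for m in _ARG_RE.finditer(record):
        idx, quoted, hexed = int(m.group(1)), m.group(2), m.group(3)
        args[idx] = quoted if quoted is not None else bytes.fromhex(hexed).decode("utf-8", "replace")
    return [args[i] for i in sorted(args)]

def is_dacls_tar(argv):
    """True for tar creating a gzip archive at /tmp/hdv.rm from /tmp/hdv.log, in any short-flag order."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "tar":
        return False
    flags = "".join(a[1:] for a in argv[1:] if a.startswith("-") and not a.startswith("--"))
    return {"c", "z", "f"} <= set(flags) and HDV_ARCHIVE in argv and HDV_LOG in argv

def scan_audit_log(lines):
    """Return (line_no, label, argv) for the Dacls compress step or any program given its staging files."""
    hits = []
    for n, line in enumerate(lines, 1):
        if "type=EXECVE" not in line:
            continue
        argv = parse_execve_args(line)
        if is_dacls_tar(argv):
            hits.append((n, "dacls-tar-compress", argv))
        elif HDV_LOG in argv or HDV_ARCHIVE in argv:
            hits.append((n, "dacls-tmp-artifact", argv))
    return hits

def scan_proxy_log(lines):
    """Return (line_no, label) for outbound requests to the suspected download server."""
    return [(n, "dacls-download-server") for n, line in enumerate(lines, 1) if DOWNLOAD_PREFIX in line]

# Constructed sample records (not real captures); line 2 hex-encodes the archive path, line 4 is benign.
SAMPLE_AUDIT = [
    'type=EXECVE msg=audit(1576650000.101:501): argc=4 a0="tar" a1="-cvzf" a2="/tmp/hdv.rm" a3="/tmp/hdv.log"',
    'type=EXECVE msg=audit(1576650000.102:502): argc=4 a0="/bin/tar" a1="-czvf" a2=2F746D702F6864762E726D a3="/tmp/hdv.log"',
    'type=EXECVE msg=audit(1576650000.103:503): argc=2 a0="cat" a1="/tmp/hdv.log"',
    'type=EXECVE msg=audit(1576650000.104:504): argc=3 a0="tar" a1="-cvzf" a2="/tmp/backup.tgz"',
]
SAMPLE_PROXY = ["10.0.0.5 GET " + DOWNLOAD_PREFIX + "sample.bin 200",  # constructed file name
                "10.0.0.5 GET http://example.invalid/index.html 200"]
```

Feeding real auditd and proxy exports through scan_audit_log and scan_proxy_log yields the matching line numbers and argv, so a hit can be tied back to the originating record.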

Tags: malware, Linux, botnet