Lazarus Group Targets Linux With New Malware

Enterprise & IT | Dec 18, 2019

North Korea’s state-backed hacker group Lazarus Group, the authors of 2017’s WannaCry ransomware attack, has launched a new Remote Access Trojan (RAT) called Dacls that affects both Windows and Linux devices.

Spotted by researchers at Qihoo 360 Netlab, Dacls is the first Linux malware from the Lazarus Group, which has previously targeted only Windows and macOS devices.

At first glance, Dacls seemed to be just another run-of-the-mill botnet, but the security researchers soon realized that it had a potential link to the Lazarus Group.

At present, the industry has never disclosed any Lazarus Group attack samples or cases against the Linux platform. The researchers found that the botnet was a fully functional, covert RAT program targeting both Windows and Linux, and that the samples share some key characteristics with tools used by the Lazarus Group.

Therefore, they speculate that the attacker behind the Dacls RAT is the Lazarus Group.

Currently the sample is shown on VirusTotal with 26 fairly generic malware tags from 26 antivirus vendors, with no relevant analysis report.

Dacls, named after its file name and hard-coded strings (Win32.Dacls and Linux.Dacls), is a new type of remote-control software.

The malware secures its command-and-control (C2) channel with two layers of encryption, TLS and RC4, and encrypts its configuration file with AES; the C2 instruction set can be updated dynamically. Its functions are modular: the Win32.Dacls plug-in module is loaded dynamically from a remote URL, while the Linux version has its plug-ins compiled directly into the bot program.

The researchers found a series of samples on a suspected download server, http://www.areac-agr.com/cms/wp-content/uploads/2015/12/, including Win32.Dacls, Linux.Dacls, the open-source program Socat, and a working payload for the Confluence vulnerability CVE-2019-3396.

The sample the researchers found has a simple function: it collects target host information according to parameters passed to the log-collecting process, skips certain specified root and second-level directories, and writes the retrieved file paths to /tmp/hdv.log.

When all the work is done, it runs the system tar command (tar -cvzf /tmp/hdv.rm /tmp/hdv.log) to compress the log file and uploads the archive to the specified log-collecting interface.
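The on-host artifacts above (the /tmp/hdv.log and /tmp/hdv.rm paths and the tar invocation) and the suspected download server URL are the concrete indicators this article gives a defender. The following script is an added example, not code from the article or from Netlab's report: it scans constructed process-execution and web-proxy log lines for those indicators. The two log formats, the field layout, the file name requested from the download server, and every process path in the sample records are assumptions made up for the example.

```python
"""Match the Dacls indicators named in the article against host and proxy logs.

Added example. Only the two /tmp paths, the tar command line and the
download-server URL come from the article; the log formats, sample
records and helper names are assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Indicators taken from the article.
HOST_PATHS = ("/tmp/hdv.log", "/tmp/hdv.rm")
DOWNLOAD_URL_PREFIX = "http://www.areac-agr.com/cms/wp-content/uploads/2015/12/"

# The article quotes the exact command: tar -cvzf /tmp/hdv.rm /tmp/hdv.log
# Match any tar invocation that archives the hdv log into the hdv archive.
TAR_PATTERN = re.compile(r"\btar\b.*\s/tmp/hdv\.rm\s+/tmp/hdv\.log\b")


@dataclass
class Hit:
    line_no: int   # 1-based index of the offending record
    reason: str    # short detection name, suitable for an alert title
    line: str      # the raw record, kept for triage


def scan_exec_log(lines):
    """Flag process-exec records that run the tar step or touch the hdv paths.

    Assumed record format: '<timestamp> pid=<n> exe=<path> args=<command line>'.
    The tar check is tested first because it is the more specific signal.
    """
    hits = []
    for i, line in enumerate(lines, 1):
        if TAR_PATTERN.search(line):
            hits.append(Hit(i, "dacls_log_archive_command", line))
        elif any(path in line for path in HOST_PATHS):
            hits.append(Hit(i, "dacls_staging_path", line))
    return hits


def scan_proxy_log(lines):
    """Flag proxy records whose URL falls under the suspected download directory.

    Assumed record format: '<timestamp> <client> <method> <url> <status>'.
    """
    hits = []
    for i, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) >= 4 and parts[3].startswith(DOWNLOAD_URL_PREFIX):
            hits.append(Hit(i, "dacls_download_server", line))
    return hits


# Constructed sample records; none of this is real telemetry.
SAMPLE_EXEC_LOG = [
    "2019-12-18T10:01:02Z pid=4120 exe=/usr/bin/tar args=tar -cvzf /backup/etc.tgz /etc",
    "2019-12-18T10:02:10Z pid=4133 exe=/tmp/.cache/bot args=/tmp/.cache/bot --log /tmp/hdv.log",
    "2019-12-18T10:05:44Z pid=4140 exe=/usr/bin/tar args=tar -cvzf /tmp/hdv.rm /tmp/hdv.log",
    "2019-12-18T10:06:00Z pid=4151 exe=/usr/bin/ls args=ls -la /home",
]
SAMPLE_PROXY_LOG = [
    # file name "sample.bin" is constructed; the article does not give file names
    "2019-12-18T09:58:00Z 10.0.0.5 GET http://www.areac-agr.com/cms/wp-content/uploads/2015/12/sample.bin 200",
    "2019-12-18T09:59:00Z 10.0.0.7 GET http://example.com/index.html 200",
]


def run_demo():
    """Scan both constructed logs and return the hits keyed by log source."""
    return {
        "exec": scan_exec_log(SAMPLE_EXEC_LOG),
        "proxy": scan_proxy_log(SAMPLE_PROXY_LOG),
    }


if __name__ == "__main__":
    for source, hits in run_demo().items():
        for hit in hits:
            print(f"[{source}] line {hit.line_no}: {hit.reason}")
```

Path and URL indicators like these are cheap for an operator to change, so a match is a lead for triage rather than proof of infection, and the download host may well be a compromised legitimate site; the more durable signal is the behaviour itself, a process enumerating the filesystem and then archiving and uploading its own log, which is why the tar step is matched as a command pattern rather than only as a string.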

The main functions of the Linux.Dacls bot include command execution, file management, process management, network access testing, C2 connection proxying, and a network scanning module.
