Communications of the ACM

Home/News/Security Researchers Discover Linux Version of Winnti.../Full Text

ACM TechNews

Security Researchers Discover Linux Version of Winnti Malware

By ZDNet
May 22, 2019
Comments

View as: Print Mobile App Share:

A representation of the Winnti malware. — Security researchers have discovered a Linux version of the Winnti malware.

Credit: ZDnet

Security researchers discovered a Linux version of Winnti, a malware used by Chinese government-sponsored hackers, which operates as a backdoor on compromised hosts.

Researchers at Alphabet's cybersecurity unit Chronicle found Winnti malware on the Bayer drug company's systems after Bayer was attacked by Chinese hackers.

The researchers detected the Linux variant when scanning for Winnti on Chronicle's VirusTotal platform. Its components include a rootkit element that conceals the malware on infected hosts, and the backdoor trojan itself.

The variant's code resembled the Winnti 2.0 Windows version, and conducted similar handling of outbound communications with its command-and-control (C&C) server.

Moreover, the Linux iteration enabled Chinese hackers to link to infected hosts while bypassing C&C servers.

From ZDNet
View Full Article

No entries found

Security Researchers Discover Linux Version of Winnti Malware

Bitcoin ETFs Have Arrived. Here's Who Stands to Get Rich

Undergraduate Computer Science Curricula

'On Expert Testimony': A Response