Linux systems are being hit by a wide-ranging and dangerous new malware
Perfctl is a newly-discovered and unfortunately capable malware strain
Linux systems are being targeted by a dangerous new malware that can serve as a loader, a proxy, and a cryptocurrency miner.
Called Perfctl, the malware was recently spotted by cybersecurity researchers from Aqua Security, who claim it has been around since at least 2021 and has so far infected thousands of Linux endpoints. There are two main ways threat actors deploy Perfctl - either by exploiting one of thousands of possible misconfigurations, or by abusing a 10/10 vulnerability discovered last year.
The misconfigurations can be almost anything, weak passwords included. As for the vulnerabilities, the researchers saw CVE-2023-33426 being abused. This is an out-of-bounds read flaw with a severity score of 10/10, found in the messaging and streaming platform Apache RocketMQ.
Proxy and loader
Once the malware is deployed, it goes the extra mile to remain hidden and persistent, leaving users on Reddit complaining that they were unable to remove it from their devices even after deleting multiple components.
When it works, Perfctl can do a number of things. Its most prominent feature seems to be mining cryptocurrency for the attackers. However, it can also serve as a proxy for a commercial service, with other crooks paying to have their traffic routed through these devices and thus anonymized. Finally, the malware can act as a loader, deploying other programs as necessary.
So far, the researchers have not determined who is behind the attack, or what their end goal is. They added that while the number of infected devices is in the thousands, the number of potential targets is in the millions - suggesting that Linux system operators should be on the lookout for potential indicators of compromise.
Via Ars Technica
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.