Root of All Evil: LinkPro Linux Rootkit Unleashes Chaos on AWS!
The AWS compromise led to the discovery of LinkPro, a sneaky new GNU/Linux rootkit. It waits for a ‘magic packet’ to activate, like a secret agent waiting for a coded message. This rootkit’s stealth mode is so good, it might just convince your server it’s a ninja.

Hot Take:
Who knew that magic packets were the new lucky rabbit’s foot for hackers? While you’re busy updating your Jenkins server, these cyber tricksters have turned your AWS infrastructure into their personal magic show, complete with disappearing files and conjured-up command executions. One day you’re building in the cloud, and the next, you’ve got a rootkit that thinks it’s Houdini. Poof! Your security just vanished.
Key Points:
- LinkPro, a new GNU/Linux rootkit, has been discovered infiltrating AWS infrastructure through an exploited Jenkins server.
- The rootkit uses two eBPF modules for concealment and activation via a “magic packet.”
- A malicious Docker image and additional malware strains were deployed on Kubernetes clusters.
- LinkPro’s stealth includes modifying the “/etc/ld.so.preload” file to hide its presence.
- The attack’s sophistication suggests financially motivated threat actors, but their identity remains unknown.
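
A defender-side check for the `/etc/ld.so.preload` point above, as an added example that is not code from the original report. It audits the preload file under a given filesystem root; the trusted-directory list, function names and finding labels are assumptions chosen for illustration.

```python
import os
import re
import stat

# Assumption: directories where a legitimately preloaded library would live.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

def parse_preload(text):
    """Return the library paths listed in ld.so.preload content."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        # glibc accepts whitespace or ':' between entries
        entries += [e for e in re.split(r"[\s:]+", line) if e]
    return entries

def audit_preload(root="/"):
    """Audit <root>/etc/ld.so.preload; return {entry: [reasons]} for suspicious entries."""
    preload = os.path.join(root, "etc/ld.so.preload")
    try:
        with open(preload, encoding="utf-8", errors="replace") as fh:
            entries = parse_preload(fh.read())
    except FileNotFoundError:
        return {}  # most systems ship without this file
    findings = {}
    for entry in entries:
        reasons = []
        if not os.path.normpath(entry).startswith(TRUSTED_DIRS):
            reasons.append("outside trusted library directories")
        target = os.path.join(root, entry.lstrip("/"))
        try:
            st = os.stat(target)
            if not stat.S_ISREG(st.st_mode):
                reasons.append("not a regular file")
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("writable by group or others")
        except OSError:
            reasons.append("listed but not visible on disk")
        if reasons:
            findings[entry] = reasons
    return findings

if __name__ == "__main__":
    for lib, why in audit_preload().items():
        print(f"{lib}: {', '.join(why)}")
```

A library loaded through this file runs inside every dynamically linked process on the live host, so pointing `root` at a read-only mount of a volume snapshot gives a view that the preloaded code cannot filter.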
