Not even the best antivirus could have shielded you from this Linux and macOS malware


Researchers have identified a new strain of Linux and macOS malware that evades detection by every leading antivirus engine.

According to security company Sonatype, the malicious program was discovered on the npm registry, the public catalogue of open source JavaScript packages that developers pull dependencies from.

The package was published under the name “web-browserify”, in imitation of the popular Browserify component, which has been downloaded upwards of 160 million times since launch.

Linux and macOS malware

Analysis conducted by Sonatype revealed that the web-browserify package had been assembled by stitching together hundreds of open source components, each of which is legitimate when taken in isolation.

Once installed, the package extracts and runs an ELF executable that elevates the attacker’s privileges on the host and lays the groundwork for all manner of surveillance. The data it harvests includes OS details, the virtual machines present on the system, Docker images, paired Bluetooth devices and assorted hardware identifiers.

On Linux the malware also gains persistence by registering itself to run at boot, so it is relaunched whenever the device is switched on.

Although the package was caught early, having accrued only 50 downloads, researchers found it had an alarming ability to bypass security measures. At the time of writing, the ELF binary smuggled inside the package was not flagged by any leading antivirus engine.

Because every component is benign on its own, the assembled binary matches no existing malware signature, and this chaining of legitimate software for illegitimate ends is thought to be why it evaded detection so completely.
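Since antivirus signatures offered no protection here, the practical control is to inspect what a dependency does at install time before trusting it. The script below is an added example written for this article, not Sonatype’s tooling or code from the web-browserify package: it audits an npm package manifest (package.json) for the two traits described above, a name that imitates a popular package and an install hook that runs arbitrary code. npm executes a dependency’s preinstall, install and postinstall scripts automatically during `npm install`, which is how a dropped binary normally gets launched. The popular-package list, the suspicious-command patterns and the two sample manifests are constructed for illustration; the exact install script used by the real package is not stated in the article and is not reproduced here.

```javascript
// Added example (not from the original article or from Sonatype): audit an npm
// package.json for a look-alike name and install-time scripts.

// Hooks npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Popular names a typosquatter would imitate (constructed list; in practice
// use the top-N package names pulled from the registry).
const POPULAR_PACKAGES = ["browserify", "express", "lodash", "react", "webpack"];

// Shell fragments in an install script that warrant a closer look (assumed heuristics).
const SUSPICIOUS_PATTERNS = [
  { re: /\bsudo\b/, why: "asks for root" },
  { re: /\bchmod\b/, why: "changes file permissions (e.g. to mark a dropped binary executable)" },
  { re: /\b(curl|wget)\b/, why: "fetches content from the network at install time" },
  { re: /\b(base64|tar|unzip|gunzip)\b/, why: "decodes or unpacks an embedded payload" },
  { re: /(^|[\s;&|])\.\/\S+/, why: "runs a file shipped inside the package" },
];

// Classic edit distance, computed with a single rolling row. A small distance
// between a new name and a popular one is the hallmark of typosquatting.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0]; // value of cell (i-1, j-1)
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j]; // cell (i-1, j), needed as next diag
      prev[j] = Math.min(
        prev[j] + 1,                              // deletion
        prev[j - 1] + 1,                          // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1)    // substitution
      );
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Popular names that `name` imitates: within `maxDistance` edits, or containing
// a popular name as a whole dash/dot/underscore-separated token ("web-browserify").
function lookalikes(name, popular = POPULAR_PACKAGES, maxDistance = 2) {
  const bare = name.replace(/^@[^\/]+\//, "").toLowerCase(); // drop any @scope/ prefix
  const tokens = new Set(bare.split(/[-_.]/));
  return popular.filter(
    (p) => p !== bare && (levenshtein(bare, p) <= maxDistance || tokens.has(p))
  );
}

// Install-time scripts declared in the manifest, each with the reasons it looks
// risky. Every install hook is reported even with no matching pattern, because
// its mere presence means arbitrary code runs on `npm install`.
function installScripts(pkg) {
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string").map((hook) => {
    const command = scripts[hook];
    const reasons = SUSPICIOUS_PATTERNS.filter(({ re }) => re.test(command)).map(({ why }) => why);
    return { hook, command, reasons };
  });
}

// Combine both checks into one verdict for a parsed package.json object.
function auditManifest(pkg, popular = POPULAR_PACKAGES) {
  const name = pkg.name || "";
  const imitates = lookalikes(name, popular);
  const hooks = installScripts(pkg);
  const flags = [];
  if (imitates.length) flags.push(`name resembles ${imitates.join(", ")}`);
  for (const h of hooks) {
    const detail = h.reasons.length ? `: ${h.reasons.join("; ")}` : "";
    flags.push(`${h.hook} script runs at install time${detail}`);
  }
  return { name, imitates, installScripts: hooks, flags, risky: flags.length > 0 };
}

// Constructed manifests: one modelled on the pattern in the article (look-alike
// name plus a postinstall hook that marks a bundled file executable and runs it
// as root), one benign. Neither is the real package's manifest.
const SUSPECT_MANIFEST = {
  name: "web-browserify",
  version: "1.0.0",
  scripts: { postinstall: "chmod +x ./payload && sudo ./payload" },
};
const BENIGN_MANIFEST = { name: "my-app", version: "1.0.0", scripts: { test: "node test.js" } };

if (typeof require !== "undefined" && require.main === module) {
  for (const m of [SUSPECT_MANIFEST, BENIGN_MANIFEST]) {
    console.log(JSON.stringify(auditManifest(m), null, 2));
  }
}
```

Run it over each `node_modules/*/package.json` (or over the tarball produced by `npm pack <name>` before installing) and treat any `risky` result as a reason to read the package by hand; a hook like `node postinstall.js` is reported for the hook alone, so the referenced file still has to be opened. The blunt mitigation is to stop npm running install hooks at all with `npm install --ignore-scripts` or `npm config set ignore-scripts true`, then enable scripts selectively for the few dependencies that genuinely need a native build.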

The web-browserify package has since been removed from the npm registry, but it sets a precedent that future attacks of this kind could follow.

Via BleepingComputer

Date

14 Apr 2021


