Communications of the ACM

ACM TechNews

Security Researchers Discover Linux Version of Winnti Malware



Security researchers have discovered a Linux version of the Winnti malware.

Credit: ZDnet

Security researchers discovered a Linux version of Winnti, malware used by Chinese government-sponsored hackers that operates as a backdoor on compromised hosts.

Researchers at Alphabet's cybersecurity unit Chronicle found Winnti malware on the Bayer drug company's systems after Bayer was attacked by Chinese hackers.

The researchers detected the Linux variant when scanning for Winnti on Chronicle's VirusTotal platform. Its components include a rootkit element that conceals the malware on infected hosts, and the backdoor trojan itself.

The variant's code resembled the Winnti 2.0 Windows version and handled outbound communications with its command-and-control (C&C) server in a similar way.

Moreover, the Linux iteration enabled Chinese hackers to connect to infected hosts while bypassing C&C servers.

From ZDNet

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 
