Advanced perfctl malware poses significant risk to Linux systems

Hackread reports that the newly discovered perfctl malware has, over the past few years, targeted millions of Linux servers worldwide, with thousands of them likely compromised.

According to an analysis from Aqua Nautilus, attacks begin with the exploitation of vulnerable Apache RocketMQ servers. perfctl then downloads its primary payload, a binary named httpd (a name chosen to pass as the ordinary web-server process), which establishes persistence and conceals itself before being executed to carry out cryptocurrency mining and proxyjacking. Researchers also found that perfctl leverages the Polkit flaw tracked as CVE-2021-4043 for privilege escalation and employs sophisticated rootkit and evasion techniques to hide its presence from standard host tooling. "Given the scale, we strongly believe the attackers targeted millions worldwide with a potential number of victims of thousands; it appears that with this malware any Linux server could be at risk," said Aqua Nautilus, which recommended regular security updates, intrusion detection systems, and endpoint protection tools to mitigate the threat.
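The two traits the article highlights, a payload that borrows the name of a legitimate daemon (httpd) and rootkit-style hiding, suggest a concrete host-side check of the kind the "intrusion detection" recommendation implies. The script below is an added illustration written for this page; it is not code from Aqua Nautilus, Hackread or SC Media and contains no indicators taken from their report. It flags processes whose name matches a common daemon but whose executable lives outside package-managed paths, has been deleted, or cannot be read, and it looks for PIDs that a filtered readdir() of /proc omits but a direct path lookup still finds (the classic userland-rootkit tell). The daemon names, directory lists and the sample process table are assumptions constructed for the example.

```python
"""Added example: detect daemon-name masquerading and hidden PIDs on a Linux host.
Not the malware authors' or Aqua Nautilus' code; names and paths are assumptions."""
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Assumption: process names worth scrutinising. The article says the perfctl
# payload is named "httpd"; add the daemons your own fleet runs.
MASQUERADE_NAMES = {"httpd", "perfctl"}
# Assumption: directories a legitimate system daemon should never execute from.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
# Assumption: package-managed locations where a real daemon binary would live.
TRUSTED_DIRS = ("/usr/sbin/", "/usr/bin/", "/usr/local/sbin/", "/usr/lib/", "/opt/")


@dataclass
class ProcInfo:
    pid: int
    comm: str  # contents of /proc/<pid>/comm
    exe: str   # readlink(/proc/<pid>/exe); "" if the link could not be read


def is_suspicious(p: ProcInfo) -> List[str]:
    """Return the reasons (possibly none) a process record deserves a closer look."""
    reasons: List[str] = []
    # Any process executing from a scratch directory or a deleted file is odd,
    # regardless of what it calls itself.
    if p.exe.endswith(" (deleted)"):
        reasons.append(f"running from a deleted file: {p.exe}")
    elif p.exe.startswith(SUSPECT_DIRS):
        reasons.append(f"executable under untrusted directory: {p.exe}")
    # A process named like a well-known daemon must come from a trusted path.
    if p.comm in MASQUERADE_NAMES:
        if not p.exe:
            reasons.append(f"{p.comm!r}: /proc exe link unreadable (hidden or short-lived?)")
        elif not p.exe.startswith(TRUSTED_DIRS):
            reasons.append(f"{p.comm!r} outside package-managed paths: {p.exe}")
    return reasons


def scan(procs: Iterable[ProcInfo]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every record that is_suspicious() flags."""
    return {p.pid: r for p in procs if (r := is_suspicious(p))}


def collect_live() -> List[ProcInfo]:
    """Read comm and exe for every PID visible in /proc (needs root to read all exe links)."""
    out: List[ProcInfo] = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited between listdir and open
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            exe = ""
        out.append(ProcInfo(pid, comm, exe))
    return out


def find_hidden_pids(max_pid: int = 65536) -> Set[int]:
    """PIDs that exist as /proc/<pid> but are missing from a directory listing of /proc.
    An LD_PRELOAD rootkit that filters readdir() usually leaves direct stat() alone,
    so a non-empty result is a strong signal. Re-listing afterwards removes PIDs that
    merely started between the two calls."""
    listed = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    candidates = {pid for pid in range(1, max_pid + 1)
                  if pid not in listed and os.path.isdir(f"/proc/{pid}")}
    relisted = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    return candidates - relisted


# Constructed sample records standing in for collect_live() output on a host.
SAMPLE = [
    ProcInfo(1234, "httpd", "/usr/sbin/httpd"),           # genuine web server
    ProcInfo(2345, "httpd", "/tmp/httpd"),                # daemon name, scratch directory
    ProcInfo(3456, "perfctl", "/tmp/perfctl (deleted)"),  # binary removed after launch
    ProcInfo(4567, "httpd", ""),                          # exe link unreadable
    ProcInfo(5678, "sshd", "/tmp/sshd"),                  # not on the watch list, still odd
    ProcInfo(6789, "bash", "/usr/bin/bash"),              # ordinary shell
]

if __name__ == "__main__":
    for pid, reasons in sorted(scan(SAMPLE).items()):
        print(pid, "; ".join(reasons))
    print("hidden pids:", sorted(find_hidden_pids()))
```

On a live host replace SAMPLE with collect_live() and run as root; treat a deleted or unreadable exe on a daemon-named process, or any hidden PID, as a trigger for memory acquisition before touching the process, since the article notes the malware reacts to evasion-relevant conditions and can remove its traces.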
