Novel Linux malware facilitates rootkit delivery

The Hacker News reports that malicious actors could leverage the novel Linux malware dubbed "Lightning Framework" to facilitate rootkit installation. Attackers using Lightning Framework could open SSHs on infected machines and enable polymorphic malleable command and control configuration, according to an Intezer report. The framework also features the "kbioset" downloader used for plugin retrieval from a remote server, which will then be used by the core "kkdmflush" module. "The main function of the downloader module is to fetch the other components and execute the core module," wrote researcher Ryan Robinson. Meanwhile, needed commands are then fetched by the core module from the command-and-control server for plugin execution while concealing its operations. An initialization script is then established to ensure persistence. "The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux," Robinson added. Lightning Framework marks the fifth Linux malware identified within the last quarter.