Linux systems are being threatened by the newly discovered ShadowHS fileless malware framework, which leverages a multi-stage encrypted loader that decrypts and executes its payload into memory for clandestine targeted compromise, Cyber Security News reports.Aside from featuring security control fingerprinting, defensive tool discovery, and environment assessment capabilities, ShadowHS also enables credential pilfering, privilege escalation, lateral movement, and data exfiltration without being detected by endpoint monitoring tools and firewalls, according to Cyble researchers. Intrusions commence with the deployment of an obfuscated shell loader with high entropy payloads, which performs runtime dependency validation before payload decryption.Meanwhile, Perl marker translation, byte offset skipping, credential-based AES decryption, and gzip decompression have been conducted to reconstruct payloads, which are then executed from anonymous file descriptors, while being concealed through argv parameter spoofing. Such capabilities have allowed ShadowHS to not only hinder incident response initiatives but also ensure continued access to breached systems, researchers added.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



