Malware, Threat Intelligence

Novel ShadowHS malware targets Linux environments

Privacy concept: pixelated words Malware on digital background, 3d render

Linux systems are being threatened by the newly discovered ShadowHS fileless malware framework, which leverages a multi-stage encrypted loader that decrypts and executes its payload into memory for clandestine targeted compromise, Cyber Security News reports.

Aside from featuring security control fingerprinting, defensive tool discovery, and environment assessment capabilities, ShadowHS also enables credential pilfering, privilege escalation, lateral movement, and data exfiltration without being detected by endpoint monitoring tools and firewalls, according to Cyble researchers. Intrusions commence with the deployment of an obfuscated shell loader with high entropy payloads, which performs runtime dependency validation before payload decryption.

Meanwhile, Perl marker translation, byte offset skipping, credential-based AES decryption, and gzip decompression have been conducted to reconstruct payloads, which are then executed from anonymous file descriptors, while being concealed through argv parameter spoofing. Such capabilities have allowed ShadowHS to not only hinder incident response initiatives but also ensure continued access to breached systems, researchers added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds