Linux - Cybersec Sentinel

Linux

A collection of 11 posts

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Sindoor Dropper Phishing Exploits Linux Desktop Files for Persistent Remote Control

Threat Group: Transparent Tribe / APT36 / Mythic Leopard / G0134 Threat Type: Targeted phishing dropper, Linux desktop shortcut abuse, remote administration tool deployment, cyber espionage Exploited Vulnerabilities: No public CVE exploitation confirmed. Abuse of Linux .desktop launcher behaviour, user execution, weak attachment controls, and trusted cloud storage delivery. Malware Used: Sindoor Dropper

Koske AI generated malware hides in panda images to mine cryptocurrency

Koske AI generated malware hides in panda images to mine cryptocurrency

Koske AI generated malware hides in panda images to mine cryptocurrency Threat actor: Unknown – opportunistic attackers exploiting misconfigured JupyterLab servers Threat type: AI‑assisted Linux malware for cryptomining Exploited weakness: Unauthenticated and misconfigured JupyterLab server exposure Malware used: Koske (rootkit and shell script), with associated miners such as ccminer Last

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

CVE-2025-32463 Privilege Escalation in SUDO Triggers Urgent Linux Patching

Threat Group: General Operating System Threat Threat Type: Privilege Escalation Vulnerabilities Exploited Vulnerabilities: CVE-2025-32462, CVE-2025-32463, CVE-2025-46718 Malware Used: None Threat Score: 🔥 Critical (9.3/10) Last Threat Observation: July 1 , 2025 Overview Recent critical vulnerabilities have been identified in the sudo utility and its Rust-based counterpart, sudo-rs, posing significant threats

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Threat Group: - Earth Bluecrow (also known as Red Menshen, DecisiveArchitect, and Red Dev 18) Threat Type: - Backdoor Malware Exploited Vulnerabilities: - None (leverages BPF and raw sockets for firewall evasion and passive packet monitoring) Malware Used: - BPFDoor (aka Backdoor.Linux.BPFDOOR or JustForFun) Threat Score: - 🔴 High

Auto-Color Linux Malware Deploys Newly Detected Zero-Day

Auto-Color Linux Malware Deploys Newly Detected Zero-Day

Threat Group – BlackCrescent Threat Type – Linux Malware Exploited Vulnerabilities – CVE-2025-1023, CVE-2024-3375, Possible Zero-Day Malware Used – Auto-Color Threat Score – High (8.6/10) Last Threat Observation – February 27, 2025 Overview Auto-Color is a Linux malware strain first identified in early November 2024. Rapidly gaining traction due to its advanced persistence, obfuscation

SystemBC RAT Poses New Risks to Linux System

SystemBC RAT Poses New Risks to Linux System

Threat Group: Various Cybercriminal Groups Threat Type: Remote Access Trojan (RAT) and Proxy Malware Exploited Vulnerabilities: No specific vulnerabilities exploited; relies on various propagation methods Malware Used: SystemBC (also known as Coroxy or DroxiDat) Threat Score: High (8.5/10) – Due to its cross-platform targeting capabilities, advanced evasion techniques, and

PUMAKIT Rootkit Threatens Linux Systems Worldwide

PUMAKIT Rootkit Threatens Linux Systems Worldwide

Threat Group: Unknown Threat Type: Rootkit Exploited Vulnerabilities: Targets Linux kernels prior to version 5.7 Malware Used: PUMAKIT Threat Score: High (8.0/10) – Due to its advanced stealth capabilities and potential impact on critical infrastructure. Last Threat Observation: December 13, 2024, by Elastic Security Labs Overview PUMAKIT is

Linux UEFI at Risk with Bootkitty Malware Emergence

Linux UEFI at Risk with Bootkitty Malware Emergence

Threat Group: Unknown Threat Type: UEFI Bootkit Exploited Vulnerabilities: Linux UEFI Firmware (Kernel Signature Verification Bypass) Malware Used: Bootkitty Threat Score: High (8.0/10) — Due to its advanced attack vector targeting the boot process and its implications for Linux system security. Last Threat Observation: November 27, 2024, Overview In

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Threat Group: Gelsemium APT Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Linux systems, specifically Apache Tomcat servers Malware Used: WolfsBane (Linux backdoor), FireWood (Linux backdoor) Threat Score: High (8.5/10) — Focus on critical infrastructure, advanced obfuscation, and cross-platform targeting. Last Threat Observation: November 22, 2024. Overview The WolfsBane

GNU Wget Exposed by Malicious URI Handling in CVE-2024-38428

GNU Wget Exposed by Malicious URI Handling in CVE-2024-38428

Threat Group: N/A Threat Type: Software Vulnerability Exploited Vulnerabilities: CVE-2024-38428 Malware Used: N/A Threat Score: High (9.1/10) — Critical vulnerability due to potential for sensitive data exposure, phishing, and man-in-the-middle (MiTM) attacks. Last Threat Observation: June 2, 2024, fix commit pushed; vulnerability classified in August 2024. Overview