Web: https://www.schneier.com/blog/archives/2022/06/symbiote-backdoor-in-linux.html

June 22, 2022, 11:07 a.m. | Bruce Schneier

Schneier on Security schneier.com


What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with …

backdoor backdoors linux malware symbiote

Collection Network Penetration Test Engineer TS SCI/Poly Eligible

@ Sixgen Inc. | United States

Senior Infrastructure Security Engineer

@ Angi | Toronto, ON - Remote

Senior Security Operations Engineer

@ Axiom Zen | Remote

Endpoint Protections - Security Research Engineer II

@ Elastic | United States

Senior Cyber Security Engineer

@ Evaluate | London, England, United Kingdom

Device Security Lead

@ Worldcoin | Berlin ; Erlangen ; New York ; San Francisco