this post was submitted on 19 Sep 2023
240 points (94.8% liked)

Technology

59342 readers
5042 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 30 comments
sorted by: hot top controversial new old
[–] girsaysdoom@sh.itjust.works 61 points 1 year ago* (last edited 1 year ago) (1 children)

Here's a link to the actual Trendmicro article: https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html.

Not sure why OP's article linked the version from 2 years ago.

Also an article with more info: https://www.bleepingcomputer.com/news/security/new-sprysocks-linux-malware-used-in-cyber-espionage-attacks/.

Edit:

My understanding of these articles is that there is a hacking group that is targeting public facing servers that are exploitable using other methods and utilizing this sprysocks software to create an opening for them to remotely access the server. If that's the case then this shouldn't affect most Linux desktops or isolated systems. Let me know if anyone has more info.

[–] Psythik@lemm.ee 8 points 1 year ago (1 children)

Two years ago? Why is this even news, then?

[–] girsaysdoom@sh.itjust.works 5 points 1 year ago

The originally posted article looks like it linked to the older version of this malware. I just linked the newer version of the report from yesterday that I found through a different article.

[–] danielfgom@lemmy.world 50 points 1 year ago (3 children)

On the upside they are helping secure Linux because now the the appropriate action can be taken to prevent this in future.

I'm sure a security patch has already been released. The Linux community normally addresses these things very quickly.

[–] Lmaydev@programming.dev 22 points 1 year ago (1 children)

I'm all for looking on the bright side but this is a bit much lol

Linux users online tend to get very high and mighty every time another OS has a sucurity bug. But it's a good thing for Linux hehe

[–] ElderWendigo@sh.itjust.works 24 points 1 year ago (1 children)

Linux users online tend to get very high and mighty every time another OS has a sucurity bug. But it's a good thing for Linux hehe

That's because illuminating security vulnerabilities is VERY GENERALLY a good thing for an open source community driven software that can be more agile than closed and private code bases that are GENERALLY entrenched in a corporate structure slowed by all of the inertia inherent in those systems.

[–] Shadow@lemmy.ca 14 points 1 year ago

There's no actual vuln here is there? It's just a persistent backdoor that hides with some elf and kernel tricks.

[–] Lucidlethargy@sh.itjust.works 1 points 1 year ago (1 children)

You can literally say this about any and all security breaches, so long as the victims resolve, and fix the breach.

[–] danielfgom@lemmy.world 1 points 1 year ago

Sure. I'm not excusing it, just saying now they we know about it, at least it can get patched. Nothing worse than having a security hole going unpatched for years.

[–] Lmaydev@programming.dev 35 points 1 year ago

Their search turned up a version of the malware with the release number 1.1. The version Trend Micro found was 1.3.6. The multiple versions suggest that the backdoor is currently under development.

They version better than I do at work.

[–] autotldr@lemmings.world 11 points 1 year ago

This is the best summary I could come up with:


Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021.

The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation.

The Trend Micro researchers eventually named their discovery SprySOCKS, with “spry” denoting its swift behavior and the added SOCKS component.

Besides showing interest in espionage activities, Earth Lusca seems financially motivated, with sights set on gambling and cryptocurrency companies.

Monday’s Trend Micro report provides IP addresses, file hashes, and other evidence that people can use to determine if they've been compromised.


The original article contains 537 words, the summary contains 143 words. Saved 73%. I'm a bot and I'm open source!

[–] Lucidlethargy@sh.itjust.works 0 points 1 year ago

Thank goodness I'm on windows.

Just kidding, I know that triggers Lemmy, lol. I actually like Linux a lot, even though I only use it in docker right now.

[–] Destraight@lemm.ee -3 points 1 year ago

Great.. guess I'll install windows 10 again