Linux systems are in use everywhere, which has caught the attention of cybercriminals. They are coming up with new Linux malware and ransomware on a regular basis. In that vein, Uptycs researchers discovered one such new ransomware strain.

Diving into details

  • An ELF ransomware was found encrypting files on Linux systems based on the folder path provided to it. While the file found is new, the Onion link in the binary suggests that the ransomware may still be under development.
  • The README note deployed is precisely the same as the one left by DarkAngels ransomware.
  • While the previous version of DarkAngels targeted Windows systems, experts detected this Linux ransomware as DarkAngels ransomware—with a threat score of 10/10—in the development stage.

Another Linux malware

  • AT&T Alien Labs researchers discovered a stealthy Linux malware that can take complete control of compromised systems.
  • Dubbed Shikitega, the malware is targeting IoT devices and endpoints running Linux.
  • This malware can evade detection by antivirus software and uses a polymorphic encoder to make detection more challenging.
  • Furthermore, Shikitega downloads and executes Metasploit’s Mettle Meterpreter to increase its control over the victim devices.
  • In the final stage, it downloads a cryptominer.

The bottom line

Threat actors are constantly targeting IoT devices, servers, and endpoints based on the Linux operating system as the attacks are profitable and provide new methods to deliver malicious payloads. However, ransomware families going cross-platform to target various operating systems is not a new phenomenon. Researchers anticipate advancements and new features in these kinds of malware threats in the future.
Cyware Publisher