EvilGnome Linux malware records activities & spies on users

The EvilGnome Linux malware has been linked to infamous Russian threat actors from the Gamaredon Group.


The IT security researchers at Intezer Labs have discovered a sophisticated new Linux backdoor malware in the wild that has been developed to target Linux devices.


Dubbed EvilGnome by researchers, the malware was found masquerading as a Gnome shell extension targeting Linux desktop users.


It is worth noting that the researchers spotted the malware after its author directly uploaded its test version to VirusTotal, where none of the anti-virus software detected any suspicious activity.

According to Intezer Labs’ blog post, along with backdoor capabilities, EvilGnome is also equipped with keylogging; it snaps desktop screenshots on a targeted device, steals files, records conversations through the victim’s microphone and drops additional Linux malware on the system.


It is believed that EvilGnome is associated with Russian threat actors from the Gamaredon Group, which has been active since 2013, especially against the Ukrainian government. The Gamaredon Group uses spear-phishing campaigns to target its victims, while its payloads are hosted and distributed from different Russian hosting companies.


EvilGnome also uses the same hosting company that has been used by the Gamaredon Group for years. Intezer Labs further noted that a server used by the Gamaredon Group had SSH over port 3436, which happened to be the same port used by EvilGnome.
