Hackers hijack Linux devices using PRoot isolated filesystems

Started by Corrine, December 05, 2022, 05:47:33 PM

Corrine

Via Bleeping Computer at Hackers hijack Linux devices using PRoot isolated filesystems:

Quote: Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.

A Bring Your Own Filesystem attack is when threat actors create a malicious filesystem on their own devices that contains a standard set of tools used to conduct attacks.

This file system is then downloaded and mounted on compromised machines, providing a preconfigured toolkit that can be used to compromise a Linux system further.

"First, threat actors build a malicious filesystem which will be deployed. This malicious filesystem includes everything that the operation needs to succeed," explains a new report by Sysdig.

"Doing this preparation at this early stage allows all of the tools to be downloaded, configured, or installed on the attacker's own system far from the prying eyes of detection tools."

Sysdig says the attacks typically lead to cryptocurrency mining, although more harmful scenarios are possible.

The researchers also warn about how easy this novel technique could make scaling malicious operations against Linux endpoints of all kinds.

More info at the referenced article.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.