Tag

Rootkit

All articles tagged with #rootkit

Arch AUR Breach Hits 400+ Packages with Rootkit and Credential Stealer
technology1 month ago

Arch AUR Breach Hits 400+ Packages with Rootkit and Credential Stealer

Over 400 Arch User Repository packages were compromised after a spoofed maintainer injected malicious post-install steps that install a rogue npm package (atomic-lockfile) containing a Linux ELF with an eBPF rootkit and credential-stealing capabilities. The malware targets developer data and tokens across tools like Slack, Teams, Discord, GitHub, Vault, and SSH, and can exfiltrate data via HTTP. Researchers from IFIN and Sonatype describe two attack methods: hijacking orphaned PKGBUILD files to run npm post-install, and abusing a trusted maintainer identity to push malicious commits. Arch is removing the malicious commits and banning accounts; affected users should review indicators of compromise, rotate credentials, and consider reinstalling Arch if compromised.

"Long-Term Exploitation: Windows Zero-Day Vulnerabilities by Lazarus Hackers"
cybersecurity2 years ago

"Long-Term Exploitation: Windows Zero-Day Vulnerabilities by Lazarus Hackers"

Hackers backed by the North Korean government exploited a Windows zero-day vulnerability, CVE-2024-21338, for six months after Microsoft was informed of it, allowing them to install a stealthy rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for malware with administrative system rights to interact with the Windows kernel. Microsoft's delay in patching the vulnerability was attributed to its policy regarding admin-to-kernel vulnerabilities not representing a security boundary. The North Korean threat group Lazarus used the vulnerability to install a custom rootkit, taking advantage of the opportunity for stealth and advanced access to the Windows kernel.