The FBI and NSA have issued a joint security alert containing technical details about new Linux malware developed by Russia's military hackers.
...The two agencies say Russian hackers used the malware, named Drovorub, to plant backdoors inside hacked networks.
...Drovorub — APT28's swiss-army knife for hacking Linux
Per the two agencies, Drovorub is a multi-component system that comes with an implant, a kernel module rootkit, a file transfer tool, a port-forwarding module, and a command-and-control (C2) server.
"Drovorub is a 'swiss-army knife' of capabilities that allows the attacker to perform many different functions, such as stealing files and remote controlling the victim's computer," McAfee CTO, Steve Grobman, told ZDNet in an email today.
"In addition to Drovorub's multiple capabilities, it is designed for stealth by utilizing advanced 'rootkit' technologies that make detection difficult," the McAfee exec added. "The element of stealth allows the operatives to implant the malware in many different types of targets, enabling an attack at any time."
...To prevent attacks, the two agencies recommend that US organizations update any Linux system to a version running kernel version 3.7 or later, "in order to take full advantage of kernel signing enforcement," a security feature that would prevent APT28 hackers from installing Drovorub's rootkit.
The joint security alert [PDF] contains guidance for running Volatility, probing for file hiding behavior, Snort rules, and Yara rules — all helpful for deploying proper detection measures.
FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
- Flash
- Moderator
Chaos coordinator 

Re: FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
"update any Linux system to a version running kernel version 3.7 or later"
The kernel in BionicPup64 is 4.19.23.
Code:
# uname -r
4.19.23
#
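The `uname -r` check above covers only the first half of the recommendation quoted at the top of the thread: a 3.7 or later kernel is what makes module signature enforcement possible, but it is not evidence that enforcement is switched on. The script below is an added example, not code from the ZDNet article, the NSA/FBI advisory or anyone in this thread; it compares the kernel version against 3.7, reads the kernel's `sig_enforce` parameter, and reads the UEFI SecureBoot variable. The sysfs and efivarfs paths are the standard ones and are assumed, not taken from the advisory; every function also accepts an explicit path so the logic can be run on constructed input.

```shell
#!/bin/sh
# Added example, not code from the ZDNet article or the NSA/FBI advisory.
# Checks the host against the advisory's mitigation baseline: a kernel of
# 3.7 or later with module signature enforcement on, plus UEFI Secure Boot.
# Default paths are the usual sysfs/efivarfs locations (assumed); each
# function takes an optional explicit path for testing on constructed files.

# version_ge VERSION MIN: succeed when VERSION's major.minor >= MIN's.
# Patch level and suffixes such as "-42-generic" are ignored.
version_ge() {
    v="$1.0"; m="$2.0"                                  # ".0" guarantees a minor part
    v_major=${v%%.*}; v_rest=${v#*.}; v_minor=${v_rest%%.*}
    m_major=${m%%.*}; m_rest=${m#*.}; m_minor=${m_rest%%.*}
    v_major=${v_major%%[!0-9]*}; v_minor=${v_minor%%[!0-9]*}   # drop "rc1" etc.
    m_major=${m_major%%[!0-9]*}; m_minor=${m_minor%%[!0-9]*}
    [ "${v_major:-0}" -gt "${m_major:-0}" ] && return 0
    [ "${v_major:-0}" -lt "${m_major:-0}" ] && return 1
    [ "${v_minor:-0}" -ge "${m_minor:-0}" ]
}

# module_sig_enforced [FILE]: succeed when the running kernel refuses to
# load unsigned modules. Returns 2 when the parameter file is absent, which
# is what a kernel built without CONFIG_MODULE_SIG looks like.
module_sig_enforced() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "Y" ]
}

# secure_boot_enabled [EFIVAR]: succeed when the SecureBoot EFI variable
# holds 1. On efivarfs the first four bytes are attribute flags and the
# single data byte follows them. Returns 2 on a non-UEFI host.
secure_boot_enabled() {
    var=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    [ -r "$var" ] || return 2
    byte=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    [ "${byte:-0}" -eq 1 ]
}

# describe CMD ARGS...: map a check's exit status to PASS / FAIL / UNKNOWN.
describe() {
    if "$@"; then rc=0; else rc=$?; fi
    case $rc in 0) echo PASS ;; 2) echo UNKNOWN ;; *) echo FAIL ;; esac
}

# Stand-alone report for the running host: the same `uname -r` check as
# the post above, followed by the two checks that actually matter.
report() {
    kver=$(uname -r)
    echo "kernel $kver is 3.7 or later:  $(describe version_ge "$kver" 3.7)"
    echo "module signature enforcement: $(describe module_sig_enforced)"
    echo "UEFI Secure Boot:             $(describe secure_boot_enabled)"
    return 0
}

report
```

A kernel with CONFIG_MODULE_SIG but without CONFIG_MODULE_SIG_FORCE reports `sig_enforce` as N unless enforcement was turned on at boot (the `module.sig_enforce=1` kernel parameter, or the distribution's Secure Boot handling), so a 4.19 kernel on its own, as in the BionicPup64 post, does not establish the mitigation; the script reports UNKNOWN rather than PASS when the parameter file is missing so that an absent feature is not mistaken for an enabled one.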
- mohittomar13
Re: FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
Thanks for the information. However, no one would be interested in hacking my machine; all it contains is gibberish web dev code and other stuff, and sometimes even I fail to understand why on earth I wrote those lines in my app.

Laptop: Dell 3568
CPU: intel i3 6006U
RAM: 12 Gigs
4GB-micron + 8GB-kingston
yeah, it works..
HDD: 1TB
OS: Triple boot (Windows 10, Xubuntu 20.04 LTS, Bionic Puppy) 64-bit