Posted 3/12/2024, 12:33:07 AM
Linux Credential-Stealing Malware Evades Detection for 2+ Years
- Linux malware called NerbianRAT went undetected for 2+ years before being identified as a credential stealer installed via recent exploits
- NerbianRAT is a Linux version of remote access malware first seen in 2022
- Threat actor Magnet Goblin uses 1-day exploits to install NerbianRAT and related malware MiniNerbian
- Magnet Goblin has exploited flaws in Magento, Qlik Sense, Ivanti Connect Secure, and possibly Apache ActiveMQ
- NerbianRAT connects to a command server at 172.86.66[.]165 and steals credentials and VPN information