Malware capable of capturing credentials and enabling backdoor access, implemented as a userland rootkit. It hides its network activity in three ways, by hooking and hijacking 1) fopen/fopen64, 2) eBPF, and 3) a set of libpcap functions.
2023-07-13 ⋅ Trend Micro ⋅ Detecting BPFDoor Backdoor Variants Abusing BPF Filters
2022-07-26 ⋅ Cyber Geeks ⋅ How To Analyze Linux Malware – A Case Study Of Symbiote
2022-07-26 ⋅ CYBER GEEKS All Things Infosec ⋅ HOW to Analyze Linux Malware - A Case Study of Symbiote
2022-07-06 ⋅ Intezer ⋅ OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
HiddenWasp OrBit Symbiote
2022-06-09 ⋅ Blackberry ⋅ Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
There is no Yara-Signature yet.