81/68 Friday, February 28, 2025
Researchers from Palo Alto Networks Unit 42 have discovered a previously undocumented Linux malware named Auto-Color, which has been targeting universities and government organizations in North America and Asia between November and December 2024. This malware allows attackers to gain full remote access to infected systems, making its removal extremely difficult without specialized software.
One of Auto-Color’s key features is its ability to evade detection by using seemingly harmless filenames such as “door” or “egg”. It also conceals connections to its command-and-control (C2) server through a proprietary encryption algorithm. Once it gains root privileges, the malware installs a malicious library (libcext.so.2) and modifies system files to establish persistence on the target machine. Additionally, it protects itself from removal by safeguarding critical system configuration files.
When executed, Auto-Color communicates with the C2 server, enabling attackers to control the system remotely. This includes creating reverse shells, modifying files, executing programs, and even using the infected machine as a relay to communicate with other targets. Researchers warn that this malware poses a serious threat to Linux systems and advise system administrators to monitor for unusual behavior and deploy security software capable of detecting such threats.
Source https://thehackernews.com/2025/02/new-linux-malware-auto-color-grants.html
