Quote:
A persistent Linux malware known as “Outlaw” has been identified leveraging unsophisticated yet effective techniques to maintain a long-running botnet.
Outlaw follows a structured multi-stage infection process:
- Initial Access: The malware gains entry through SSH brute-forcing, targeting systems with weak or default credentials. A component called “blitz” handles these brute-force attacks by retrieving target lists from a command-and-control (C2) server.
- Payload Deployment: Once access is gained, the malware downloads and executes a package containing scripts and binaries. The primary dropper script, tddwrt7s.sh, initiates the infection chain by deploying components into hidden directories.
- Persistence Mechanisms: Outlaw establishes persistence through cron jobs and SSH key manipulation. It injects attacker-controlled SSH keys into compromised systems while locking configuration files to prevent tampering.
- Propagation: The malware acts as a worm, spreading laterally within local subnets by launching additional SSH brute-force attacks from infected hosts. This self-replication ensures rapid expansion of the botnet.
> gbhackers
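A defender-side triage helper for the persistence traits the quoted report describes, added here as an example (not code from the article, gbhackers, or the malware): it flags cron entries that point into hidden directories or name the tddwrt7s.sh dropper, authorized_keys entries outside an allow-list, and files carrying the immutable attribute. The report does not say how the configuration files are "locked", so the immutable flag is an assumption, and all sample inputs and paths below are constructed.

```shell
#!/bin/sh
# Added triage helper (not from the article). Each function reads text on
# stdin so it can be fed live data (crontab -l, ~/.ssh/authorized_keys,
# lsattr output) or the constructed samples below. Only the dropper name
# tddwrt7s.sh comes from the report; every path and key here is made up.

# 1. Cron lines whose command sits in a hidden directory ("/." followed by a
#    name character) or invokes the named dropper. Comments/blank lines skip.
flag_cron_entries() {
    awk '!/^[[:space:]]*(#|$)/ && (/\/\.[A-Za-z0-9_-]/ || /tddwrt7s\.sh/)'
}

# 2. authorized_keys lines whose key blob (field 2) is not in the allow-list
#    passed as $1 (whitespace-separated blobs). Assumes plain
#    "type blob comment" entries without a leading options field.
unknown_ssh_keys() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, /[[:space:]]+/)
                for (i = 1; i <= n; i++) if (a[i] != "") ok[a[i]] = 1 }
        !/^[[:space:]]*(#|$)/ && !($2 in ok)'
}

# 3. lsattr lines carrying the immutable flag (lowercase "i" in field 1);
#    SSH configuration files almost never legitimately need it.
flag_immutable() {
    awk 'index($1, "i") && $2 != ""'
}

# Constructed samples (not real indicators).
SAMPLE_CRON='30 2 * * * /usr/bin/certbot renew -q
* * * * * /home/alice/.cache/x/tddwrt7s.sh >/dev/null 2>&1
@reboot /home/alice/.hidden/upd
# 0 5 * * * /usr/bin/apt update'
SAMPLE_KEYS='ssh-ed25519 AAAAC3KNOWNKEYCONSTRUCTED alice@laptop
ssh-rsa AAAAB3UNKNOWNKEYCONSTRUCTED unknown@nowhere'
ALLOWED_KEYS='AAAAC3KNOWNKEYCONSTRUCTED'
SAMPLE_LSATTR='----i---------e------- /home/alice/.ssh/authorized_keys
--------------e------- /home/alice/.ssh/config'

echo "== suspicious cron entries =="
printf '%s\n' "$SAMPLE_CRON" | flag_cron_entries
echo "== SSH keys not on the allow-list =="
printf '%s\n' "$SAMPLE_KEYS" | unknown_ssh_keys "$ALLOWED_KEYS"
echo "== immutable files =="
printf '%s\n' "$SAMPLE_LSATTR" | flag_immutable
```

On a live host, replace the samples with `crontab -l`, the contents of each user's authorized_keys, and `lsattr ~/.ssh/*`; a hit on any check is a reason to inspect the host, not proof of this particular malware.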
