Old 02.04.2025., 16:04   #4009
tomek@vz
Premium
My computer

Registration date: May 2006
Location: München/Varaždin
Posts: 4,741
Quote:
A persistent Linux malware known as “Outlaw” has been identified leveraging unsophisticated yet effective techniques to maintain a long-running botnet.

Outlaw follows a structured multi-stage infection process:
  1. Initial Access: The malware gains entry through SSH brute-forcing, targeting systems with weak or default credentials. A component called “blitz” handles these brute-force attacks by retrieving target lists from a command-and-control (C2) server.
  2. Payload Deployment: Once access is gained, the malware downloads and executes a package containing scripts and binaries. The primary dropper script, tddwrt7s.sh, initiates the infection chain by deploying components into hidden directories.
  3. Persistence Mechanisms: Outlaw establishes persistence through cron jobs and SSH key manipulation. It injects attacker-controlled SSH keys into compromised systems while locking configuration files to prevent tampering.
  4. Propagation: The malware acts as a worm, spreading laterally within local subnets by launching additional SSH brute-force attacks from infected hosts. This self-replication ensures rapid expansion of the botnet.

> gbhackers


__________________
Lenovo LOQ 15AHP9 83DX || AMD Ryzen 5 8645HS / 16GB DDR5 / Micron M.2 2242 1TB / nVidia Geforce RTX 4050 / Windows 11 Pro
Lenovo Thinkpad L15 Gen 1 || Intel Core i5 10210U / 16GB DDR4 / WD SN730 256GB / Intel UHD / Fedora Workstation 42
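The persistence traits the quoted article describes (injected SSH keys, cron jobs, components dropped into hidden directories) can be checked on a host with a small audit script. The following is an added example, not code from the article, gbhackers or the poster; the function names `audit_authorized_keys`, `audit_cron` and `write_samples`, the key strings, the cron lines and the path `/var/tmp/.x/run` are all constructed for the demonstration.

```shell
# Added host-audit helpers, not code from the quoted article or any vendor tool.
# They check two persistence traits the article describes: authorized_keys
# entries missing from an allow-list, and cron jobs run from hidden directories.

# audit_authorized_keys KEYS_FILE ALLOW_FILE: print each key whose
# "type base64" pair is not a line of ALLOW_FILE; exit 1 if any, else 0.
audit_authorized_keys() {
    hits=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # Skip any leading options (no-pty,command="...") and the trailing comment.
        key=$(printf '%s\n' "$line" | awk '{ for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); exit } }')
        [ -n "$key" ] || continue
        if ! grep -qxF -- "$key" "$2"; then
            printf 'unknown key in %s: %s\n' "$1" "$key"
            hits=$((hits + 1))
        fi
    done < "$1"
    [ "$hits" -eq 0 ]
}

# audit_cron CRON_FILE: print cron lines whose command references a hidden
# path component such as /var/tmp/.x/run; exit 1 if any, else 0.
audit_cron() {
    hits=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if printf '%s\n' "$line" | grep -Eq '/\.[^./ ]'; then
            printf 'hidden path in cron: %s\n' "$line"
            hits=$((hits + 1))
        fi
    done < "$1"
    [ "$hits" -eq 0 ]
}

# Constructed samples: one known admin key, one unknown key carrying options,
# one benign cron job and one cron job run from a hidden directory.
ADMIN_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAdminKey00000000000'
write_samples() {
    printf '%s\n' "$ADMIN_KEY" > "$1/allowed_keys"
    printf '%s\n' '# admin laptop' "$ADMIN_KEY admin@laptop" \
        'no-pty,command="/bin/true" ssh-rsa AAAAB3ConstructedUnknownKey00000 x' > "$1/authorized_keys"
    printf '%s\n' '0 3 * * * /usr/bin/logrotate /etc/logrotate.conf' \
        '* * * * * /var/tmp/.x/run >/dev/null 2>&1' > "$1/crontab"
}
dir=$(mktemp -d) && write_samples "$dir"
audit_authorized_keys "$dir/authorized_keys" "$dir/allowed_keys" || echo 'ssh: review needed'
audit_cron "$dir/crontab" || echo 'cron: review needed'
rm -rf "$dir"
```

On a real host the same functions would be pointed at each user's `~/.ssh/authorized_keys`, `/etc/crontab` and the per-user crontab files, with the allow-list maintained outside the host.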