
Communications of the ACM

ACM TechNews

Security Researchers Discover Linux Version of Winnti Malware


Security researchers have discovered a Linux version of the Winnti malware.

Credit: ZDNet

Security researchers discovered a Linux version of Winnti, malware used by Chinese government-sponsored hackers that operates as a backdoor on compromised hosts.

Researchers at Alphabet's cybersecurity unit Chronicle found Winnti malware on the Bayer drug company's systems after Bayer was attacked by Chinese hackers.

The researchers detected the Linux variant while scanning for Winnti on Chronicle's VirusTotal platform. Its components include a rootkit element that conceals the malware on infected hosts, and the backdoor trojan itself.

The variant's code resembled the Winnti 2.0 Windows version, and it handled outbound communications with its command-and-control (C&C) server in a similar way.

Moreover, the Linux version enabled Chinese hackers to connect to infected hosts while bypassing C&C servers.

From ZDNet


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

