New malware from Chinese hackers targeting Linux servers

    Security firm ExaTrack says an unknown Chinese-sponsored hacker group is using new malware to attack Linux servers.

    ExaTrack experts found samples of malware documented in early 2022, dubbed Mélofée.

    One of the samples is designed to deliver a kernel-mode rootkit based on the open-source Reptile project. The rootkit has a limited set of features, mainly installing a hook designed to hide the rootkit itself.

    According to security researchers, the implant and rootkit are deployed using shell commands that download an installer and a binary package from a remote server. The installer takes a binary package as an argument and then extracts the rootkit as well as the server implant module, which is currently under active development.

    Mélofée receives instructions from a remote server to manipulate files, create sockets, launch a shell and execute arbitrary commands, and establish persistence. It is worth noting that some Pupy RAT samples in the January campaign were hidden using the Reptile rootkit.

    The ExaTrack team linked the Mélofée malware to China based on infrastructure overlaps with APT41 (Winnti) and Earth Berberoka (GamblingPuppet).

    ExaTrack also discovered another implant, codenamed AlienReverse, which shares similar code to Mélofée and uses the publicly available tools EarthWorm and socks_proxy.

    Experts note that Mélofée's capabilities are relatively simple, but can allow attackers to carry out their attacks undetected. The discovered implants were not widely known, which means that cybercriminals are likely to use the malware only in attacks against certain targets.

    Author DeepWeb