A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices.
I don’t think it’s an exploit, it’s a backdoor. So someone who already had access drops this binary which then allows for further control by a CoC server.
If you target a binary for dropping a backdoor you usually want to build a binary that runs everywhere. My guess is that they could figure out how to build a drop-in systemd that they could compile once and that would work on all major distros. This would be much harder with the kernel itself.
Regarding how it is set up: often backdoors & exploits are sold in packages and combined when attacking the victims. Depending on the group behind the specific attack, the exploit used for setup may be different on each deployment.