A sophisticated and elusive malware known as “Perfctl” has been discovered targeting millions of Linux servers worldwide. Researchers at Aqua Nautilus have shed light on this malware, which has been actively exploiting over 20,000 types of misconfigurations in Linux servers over the past 3-4 years. Its ability to target such a wide range of misconfigurations makes it a significant threat to any Linux server connected to the internet.

Perfctl is particularly persistent and employs several advanced techniques to evade detection and maintain control over infected systems. It uses rootkits to hide its presence, stops all “noisy” activities when a new user logs into the server, and communicates internally using Unix sockets and externally via TOR.

To detect Perfctl, users should look for unusual spikes in CPU usage, system slowdowns, and suspicious binaries in the /tmp, /usr, and /root directories.

Mitigation strategies include patching vulnerabilities, restricting file execution in writable directories, disabling unused services, implementing strict privilege management, and deploying runtime protection tools that can detect rootkits and fileless malware. The Perfctl malware represents a significant threat to Linux servers worldwide, emphasizing the need for robust security measures and vigilant monitoring.
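The following script turns the detection and mitigation advice above into a small host triage check. It is an added example, not code from the article or from Aqua Nautilus, and it makes a few assumptions: the process records and /proc/mounts text are constructed sample data (the paths, names and CPU figures are invented, not real indicators); /var/tmp and /dev/shm are added to the watched directories because they are also user-writable; and the 80% CPU threshold is a placeholder to be tuned to a host's normal baseline. The process and executable-name checks apply the article's indicators (high CPU, binaries in /tmp, /usr, /root, the "perfctl" name); the mount check covers the "restrict execution in writable directories" mitigation by reporting writable directories that are not mounted `noexec`.

```python
"""Host triage helpers for the Perfctl indicators: flag suspect processes and
report writable directories that allow execution. Added example; sample data
below is constructed, not taken from a real incident."""
import os
import stat
from dataclasses import dataclass

# The article names /tmp, /usr and /root. /var/tmp and /dev/shm are added here
# as an assumption because they are user-writable on most distributions.
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
WATCHED_DIRS = WRITABLE_DIRS + ("/root",)
CPU_THRESHOLD = 80.0  # percent; placeholder, tune to the host's baseline


@dataclass
class ProcRecord:
    """Minimal process snapshot. On a live host fill it from
    /proc/<pid>/comm, readlink(/proc/<pid>/exe) and a CPU sampler."""
    pid: int
    comm: str          # process name as shown in /proc/<pid>/comm
    exe: str           # resolved executable path; " (deleted)" suffix if unlinked
    cpu_percent: float


def _under(path: str, root: str) -> bool:
    """True if path is root itself or lies below it."""
    path, root = os.path.normpath(path), os.path.normpath(root)
    return path == root or path.startswith(root + os.sep)


def flag_process(rec: ProcRecord) -> list:
    """Return the list of reasons this process looks suspicious (empty if none)."""
    reasons = []
    if rec.cpu_percent >= CPU_THRESHOLD:
        reasons.append(f"cpu {rec.cpu_percent:.0f}% >= {CPU_THRESHOLD:.0f}%")
    if any(_under(rec.exe, d) for d in WATCHED_DIRS):
        reasons.append(f"executable runs from a watched directory: {rec.exe}")
    if rec.exe.endswith(" (deleted)"):
        reasons.append("executable unlinked after start (memory-resident binary)")
    exe_name = os.path.basename(rec.exe).lower()
    if "perfctl" in rec.comm.lower() or "perfctl" in exe_name:
        reasons.append("process name matches the Perfctl malware name")
    return reasons


def flag_processes(records) -> dict:
    """Map pid -> reasons for every record that triggers at least one check."""
    findings = {}
    for rec in records:
        reasons = flag_process(rec)
        if reasons:
            findings[rec.pid] = reasons
    return findings


def parse_mount_options(mounts_text: str) -> dict:
    """Parse /proc/mounts-format text into {mountpoint: set(options)}."""
    opts = {}
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            opts[parts[1]] = set(parts[3].split(","))
    return opts


def writable_dirs_missing_noexec(mounts_text: str) -> list:
    """Writable dirs that are not their own noexec mount. A directory that is
    not a separate mount inherits the root filesystem's options, which
    normally allow execution, so it is reported too."""
    opts = parse_mount_options(mounts_text)
    return [d for d in WRITABLE_DIRS if "noexec" not in opts.get(d, set())]


def executables_under(root: str, max_files: int = 10000) -> list:
    """Live helper: regular files with any execute bit under root (symlinks skipped)."""
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    found = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & exec_bits:
                found.append(path)
                if len(found) >= max_files:
                    return found
    return found


# Constructed sample data (invented values, not real indicators).
SAMPLE_PROCS = [
    ProcRecord(1234, "sshd", "/usr/sbin/sshd", 0.3),
    ProcRecord(4321, "perfctl", "/tmp/.cache/perfctl", 97.5),
    ProcRecord(4444, "worker", "/var/tmp/worker (deleted)", 91.0),
]
SAMPLE_MOUNTS = """/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

if __name__ == "__main__":
    for pid, reasons in flag_processes(SAMPLE_PROCS).items():
        print(f"pid {pid}: " + "; ".join(reasons))
    print("sample: writable dirs without noexec:", writable_dirs_missing_noexec(SAMPLE_MOUNTS))
    if os.path.exists("/proc/mounts"):  # read-only look at this host
        with open("/proc/mounts") as fh:
            print("this host: writable dirs without noexec:", writable_dirs_missing_noexec(fh.read()))
        for d in WRITABLE_DIRS:
            if os.path.isdir(d):
                print(f"executables under {d}:", executables_under(d, 20))
```

On the constructed data, pid 1234 (a normal sshd) is clean, while the two invented records are each flagged on three counts. Executables under /usr are deliberately not enumerated: /usr holds every legitimate binary, so a listing there is noise, and the useful check for that directory is package-integrity verification (for example `rpm -V` or `debsums`), which this script does not attempt.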
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 04 Oct 2024 01:45:28 +0000