perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Oct. 4, 2024, 12:32 p.m.
Description
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, and command-and-control communication over TOR. Its primary goals are cryptomining and proxy-jacking. For persistence it modifies system files and drops userland rootkits. It targets specific CPU architectures and uses several methods to remain undetected, including hooking critical system functions so that its processes and files are hidden from standard tools. The campaign has potentially affected thousands of victims and demonstrates a high level of sophistication in its design and execution.
Date
Published: Oct. 4, 2024, 10:08 a.m.
Created: Oct. 4, 2024, 10:08 a.m.
Modified: Oct. 4, 2024, 12:32 p.m.
Indicators
SHA-256 file hashes:
e16fb2a22fce5241565784b5a8518ed2becc9948d4c398093edbb70a946f9331
ca3f246d635bfa560f6c839111be554a14735513e90b3e6784bedfe1930bdfd6
a6d3c6b6359ae660d855f978057aab1115b418ed277bb9047cd488f9c7850747
31ee4c9984f3c21a8144ce88980254722fd16a0724afb16408e1b6940fd599da
22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13
IPv4 addresses:
78.47.18.110
211.234.111.116
104.183.100.189
46.101.139.173
Attack Patterns
perfctl
T1568
T1548
T1014
T1497
T1095
T1021
T1016
T1070
T1574
T1082
T1057
T1083
T1071
T1543
T1055
T1036
T1027
T1562
T1078
T1059
CVE-2021-4043
CVE-2023-33246
CVE-2021-4034