New Auto-Color Linux backdoor targets North American govts, universities

Summary: A new Linux backdoor, ‘Auto-Color,’ was detected in targeted attacks against universities and government organizations. The malware is highly evasive, maintains persistent access, and uses a custom encryption scheme to obfuscate its command-and-control traffic and the commands it receives. Researchers recommend stringent monitoring and behavior-based detection to counter it.

Affected: Universities and government organizations in North America and Asia

Key points:

  • A malicious shared library is installed and registered in ‘/etc/ld.so.preload’, so the dynamic loader injects it into every dynamically linked process that starts; this is how the backdoor persists across reboots and survives the removal of the original dropper.
  • Auto-Color uses a custom encryption algorithm for its command-and-control communications, which complicates signature-based detection of that traffic.
  • It includes rootkit features to hide its presence and a built-in “kill switch” that erases traces of the infection on demand.
  • Monitoring changes to critical system files (such as ‘/etc/ld.so.preload’) and watching for network-traffic anomalies are essential for defense.
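The preload-file persistence and the file-monitoring advice above translate directly into a host check. The script below is an added example for this page, not code from the article or from the researchers who analyzed Auto-Color: it parses the contents of /etc/ld.so.preload the way the loader does (entries separated by whitespace or colons) and flags any library that is not an absolute path under a trusted system library directory or that no longer exists on disk. The trusted directories, the sample file contents and the library names in it are constructed assumptions for illustration.

```python
"""Audit /etc/ld.so.preload for unexpected preloaded libraries.

Added example for this page; not code from the article or from the
researchers. The trusted-directory list and the sample contents below
are constructed for illustration and should be tuned per host.
"""
import os
import re
from typing import Callable, Dict, List

# Directories from which a preload entry is considered plausible on a
# typical distribution. Assumption for this example, not a standard.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

PRELOAD_PATH = "/etc/ld.so.preload"

# Constructed sample of a tampered preload file: one entry under a
# system library directory and one dropped into a hidden temp directory.
SAMPLE_PRELOAD = (
    "/lib/x86_64-linux-gnu/libexample.so.2\n"
    "/tmp/.hidden/libshim.so\n"
)


def parse_preload(text: str) -> List[str]:
    """Return the library paths listed in ld.so.preload content.

    The dynamic loader separates entries on whitespace and colons, so the
    same split is used here; empty tokens are dropped.
    """
    return [tok for tok in re.split(r"[\s:]+", text) if tok]


def audit_entries(entries: List[str],
                  exists: Callable[[str], bool] = os.path.exists) -> Dict[str, List[str]]:
    """Map each preload entry to a list of reasons it looks suspicious.

    An empty list means the entry passed every check. `exists` is
    injectable so the logic can be exercised without touching the disk.
    """
    findings: Dict[str, List[str]] = {}
    for lib in entries:
        reasons: List[str] = []
        if not lib.startswith("/"):
            # The loader would resolve this via the library search path,
            # which is never what an administrator intends in this file.
            reasons.append("relative path")
        elif not lib.startswith(TRUSTED_DIRS):
            reasons.append("outside trusted library directories")
        if not exists(lib):
            # A dangling entry is either a leftover from a cleanup or a
            # sign the library is being hidden from the filesystem view.
            reasons.append("file does not exist")
        findings[lib] = reasons
    return findings


def suspicious(findings: Dict[str, List[str]]) -> List[str]:
    """Return only the entries that triggered at least one check."""
    return [lib for lib, reasons in findings.items() if reasons]


def audit_file(path: str = PRELOAD_PATH) -> Dict[str, List[str]]:
    """Audit the real preload file on this host.

    Most distributions ship without the file at all, so its absence is
    the clean baseline and yields no findings.
    """
    if not os.path.exists(path):
        return {}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_entries(parse_preload(fh.read()))


if __name__ == "__main__":
    # Exercise the checks on the constructed sample, then on the live host.
    sample = audit_entries(parse_preload(SAMPLE_PRELOAD), exists=lambda p: True)
    for lib in suspicious(sample):
        print(f"[sample] {lib}: {', '.join(sample[lib])}")
    live = audit_file()
    for lib in suspicious(live):
        print(f"[host] {lib}: {', '.join(live[lib])}")
    if not live:
        print(f"[host] {PRELOAD_PATH} absent or empty (expected baseline)")
```

Run it periodically, or hook it to an inotify watcher on /etc/ld.so.preload, and treat any entry outside the trusted directories, or any change to the file at all on a host where it should not exist, as an incident to investigate rather than a finding to auto-remediate.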

Source: https://www.bleepingcomputer.com/news/security/new-auto-color-linux-backdoor-targets-north-american-govts-universities/