Cybersecurity researchers have uncovered a novel Linux malware delivery method using malicious filename encoding in phishing emails to bypass detection. The attack involves deploying the VShell backdoor via an open-source malware chain that leverages command injection and Base64 encoding. #VShell #ShellCommandInjection
Key points
- The attack chain starts with phishing emails containing RAR archives with maliciously crafted filenames.
- The filenames include Bash code that triggers command execution when interpreted by the shell.
- Extraction alone does not trigger the malware; execution occurs when the filename is parsed by a script or command.
- The malware delivery uses in-memory techniques to avoid disk-based detection on Linux devices.
- A separate Linux post-exploit tool, RingReaper, employs io_uring to evade traditional monitoring and escalate privileges.
Read More: https://thehackernews.com/2025/08/linux-malware-delivered-via-malicious.html
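The key points above describe file names that only become dangerous when a script interpolates them into a shell command. As an added defender-side example (not code from the article or the researchers), the checker below flags archive member names that carry shell metacharacters and shows the two habits that neutralise them: quoting with `shlex.quote`, and invoking tools with an argv list and `--` instead of a shell string. The sample listing is constructed for the demo.

```python
"""Audit archive member names before any script touches them."""
import re
import shlex

# Characters that let a file name become shell syntax when a script
# interpolates it unquoted (command separators, pipes, substitution,
# redirection, and line breaks).
SUSPICIOUS = re.compile(r"[;&|`$<>\n\r]")


def is_suspicious_name(name: str) -> bool:
    """True if the name contains a character a shell would interpret."""
    return bool(SUSPICIOUS.search(name))


def audit_listing(names):
    """Return the subset of member names that should be quarantined."""
    return [n for n in names if is_suspicious_name(n)]


def safe_argument(name: str) -> str:
    """Quote a name so it survives shell interpolation as one literal token."""
    return shlex.quote(name)


def safe_argv(tool: str, name: str) -> list:
    """Build an argv list for subprocess without a shell; '--' stops option
    parsing so a name beginning with '-' cannot be read as a flag."""
    return [tool, "--", name]


# Constructed sample listing, as it might be read from an archive index.
# The embedded commands are harmless on purpose; only the shape matters.
SAMPLE_LISTING = [
    "invoice_2025.pdf",
    "photo (1).jpg",
    "report;echo injected.txt",
    "notes`date`.md",
    "data$(id).csv",
    "attachment\nid.txt",
]

if __name__ == "__main__":
    for n in audit_listing(SAMPLE_LISTING):
        print("FLAG:", repr(n), "quoted as", safe_argument(n))
```

Note that `photo (1).jpg` is not flagged: spaces and parentheses break an unquoted command but do not by themselves inject one, which is why the quoting helpers still apply to every name, flagged or not.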