Summary: A newly documented Linux malware named Auto-Color has compromised universities and government organizations in North America and Asia, giving the threat actors full remote access to infected systems. The malware uses several evasion techniques, including benign-sounding file names and custom encryption to mask its command-and-control traffic. Its architecture includes a malicious library implant that maintains persistence and hinders detection and removal.
Affected: Universities and government organizations in North America and Asia
Key points:
- Auto-Color is a previously undocumented Linux malware discovered by Palo Alto Networks.
- The malware requires explicit user action to install and employs various tricks to evade detection.
- Upon gaining root access, it installs a library that hides its communications and prevents uninstallation.
- It has the capability to create reverse shells, gather system information, and act as a proxy for malicious activities.
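The page notes that once the malware has root it installs a library that hides its traffic and blocks uninstallation, but it does not say how that library is loaded. One common loading mechanism for such implants on Linux is `/etc/ld.so.preload`, which the dynamic loader consults before every dynamically linked program; that is an assumption here, not a stated detail of Auto-Color. The following added example (not code from the article or from Palo Alto Networks) is a small defender-side audit that parses the preload file's contents, flags entries not on an allowlist or outside trusted library directories, and returns the findings so they can be logged or alerted on. The sample file contents and the library path `/lib/libexample-implant.so` are constructed for the demonstration.

```python
import os
from typing import Dict, List, Tuple

# Constructed sample of what /etc/ld.so.preload might contain on a host with an
# unexpected entry. The second path is a made-up placeholder, not a real IoC.
SAMPLE_PRELOAD = """# distribution default
/usr/lib/x86_64-linux-gnu/libfakeroot/libfakeroot-sfd.so
/lib/libexample-implant.so
"""

# Directories where package-managed shared libraries normally live.
TRUSTED_DIRS = ("/usr/lib/", "/usr/lib64/", "/lib/x86_64-linux-gnu/")


def parse_preload(text: str) -> List[str]:
    """Return the library paths listed in ld.so.preload-style text.

    The loader treats '#' as a comment marker and accepts whitespace- or
    colon-separated entries on a line, so both separators are handled.
    """
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        for token in line.replace(":", " ").split():
            entries.append(token)
    return entries


def audit_preload(text: str, allowlist: List[str]) -> Dict[str, List[str]]:
    """Map each non-allowlisted preload entry to the reasons it looks suspicious."""
    findings: Dict[str, List[str]] = {}
    for path in parse_preload(text):
        if path in allowlist:
            continue
        reasons: List[str] = []
        if not path.startswith("/"):
            reasons.append("relative path (resolved at load time)")
        elif not path.startswith(TRUSTED_DIRS):
            reasons.append("outside trusted library directories")
        if not reasons:
            reasons.append("not on allowlist")
        findings[path] = reasons
    return findings


def read_system_preload(path: str = "/etc/ld.so.preload") -> str:
    """Read the live preload file, returning '' when it is absent (the normal state)."""
    if not os.path.isfile(path):
        return ""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read()


def report(findings: Dict[str, List[str]]) -> List[str]:
    """Render findings as one log line per entry, suitable for forwarding to a SIEM."""
    return [f"ld.so.preload entry {p}: {'; '.join(r)}" for p, r in sorted(findings.items())]


if __name__ == "__main__":
    # Demonstrate against the constructed sample, then against the live host.
    allow = ["/usr/lib/x86_64-linux-gnu/libfakeroot/libfakeroot-sfd.so"]
    for line in report(audit_preload(SAMPLE_PRELOAD, allow)):
        print("[sample]", line)
    for line in report(audit_preload(read_system_preload(), allow)):
        print("[host]", line)
```

Run this periodically from a host-monitoring job; on most systems `/etc/ld.so.preload` should not exist at all, so any entry is worth a look, and an entry that also fails the trusted-directory check deserves immediate triage. The check is deliberately narrow: it does not prove a library is malicious, only that it is loaded into every process without having been approved.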
Source: https://thehackernews.com/2025/02/new-linux-malware-auto-color-grants.html