BlackBerry and Intezer security researchers have revealed details of a new Linux malware that “parasitically” infects all running processes on a target machine.
The malware, dubbed Symbiote by the researchers, gives attackers rootkit capabilities, remote backdoor access and the ability to collect passwords once it has infected all running processes. BlackBerry and Intezer revealed that the malware may run commands with the highest privileges on an infected PC.
Symbiote uses the Berkeley Packet Filter (BPF) hooking functionality to mask harmful network traffic, according to the researchers. Other malware, including an advanced backdoor linked to the Equation Group, has also leveraged BPF for covert communication.