Intezer Reports Powerful ‘Lightning Framework’ Linux Malware


Security researchers at Intezer are documenting the discovery of a powerful piece of Linux malware that can stay undetected and has the ability to install rootkits.

The threat, known as Lightning Framework, is described as a Swiss Army Knife-like piece of malware with a modular design and a range of capabilities uncommon in malware targeting Linux systems. According to Intezer's write-up, the framework consists of a downloader, a core module, and additional plugins that extend its capabilities, some of which are open source tools.

The framework uses separate modules for persistence, SSH connections (a bundled OpenSSH with hardcoded keys), network traffic monitoring (iftop), and IP network monitoring (IPTraf). The framework's source also references two rootkit modules.

Read More: Intezer Documents Powerful ‘Lightning Framework’ Linux Malware