TeamTNT Malware Uses Open-Source Tool to Evade Detection


Security researchers at AT&T Alien Labs have discovered that the TeamTNT cybercrime group has gained a new capability for hiding its malicious processes: TeamTNT has upgraded its Linux crypto-mining malware with detection evasion capabilities taken from open-source code.

The malware is well known for targeting and compromising Internet-exposed Docker instances for unauthorized Monero (XMR) mining. The group has also shifted techniques by updating its Linux malware named Black-T to obtain user credentials from infected servers.

AT&T Alien Labs security researcher Ofer Caspi says, “The group is using a new detection evasion tool, copied from open source repositories.”

The tool, libprocesshider, is open source and available on GitHub. It hides any chosen Linux process by abusing the dynamic linker's LD_PRELOAD mechanism, so that its hooked library functions run inside every process that lists running programs.
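A defender-side check, added here as an example and not code from the article or from the libprocesshider project: the tool is loaded through /etc/ld.so.preload and hooks libc's readdir(), so programs that list /proc never see the hidden PID's entry, while a direct stat() of /proc/<pid> still succeeds. The function names and the default pid_max cap below are assumptions; the sample preload file content in the test is constructed.

```python
import os

PRELOAD_FILE = "/etc/ld.so.preload"  # read by the dynamic linker on every exec


def parse_preload(content: str) -> list[str]:
    """Library paths named in an ld.so.preload file; '#' comments and blanks dropped."""
    libs = []
    for line in content.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.extend(line.split())
    return libs


def hidden_pids(listed: set[int], probed: set[int]) -> set[int]:
    """PIDs that stat() reaches but a readdir()-based listing omits."""
    return probed - listed


def listed_pids() -> set[int]:
    # os.listdir() goes through libc readdir(), exactly the call the hook filters
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probed_pids(pid_max: int) -> set[int]:
    # stat() on each candidate path never calls readdir(), so the hook cannot hide it
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.stat(f"/proc/{pid}")
            found.add(pid)
        except FileNotFoundError:
            pass
    return found


def scan(pid_max: int = 65536) -> dict:
    """Run both checks on the live host and return the findings (assumed pid_max cap)."""
    preload = []
    if os.path.exists(PRELOAD_FILE):
        with open(PRELOAD_FILE) as fh:
            preload = parse_preload(fh.read())
    candidates = hidden_pids(listed_pids(), probed_pids(pid_max))
    # A process started between the two passes would look hidden; a second
    # listing drops those, keeping only PIDs that readdir() still omits.
    confirmed = candidates - listed_pids()
    return {"preload_libs": preload, "hidden_pids": sorted(confirmed)}


if __name__ == "__main__":
    report = scan()
    print("ld.so.preload entries:", report["preload_libs"] or "none")
    print("PIDs visible to stat() but not to readdir():", report["hidden_pids"] or "none")
```

Any non-empty preload list or any confirmed PID is worth investigating; on a clean host /etc/ld.so.preload normally does not exist and the second line reports none.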

To Read More: Bleepingcomputer