Security researchers at AT&T Alien Labs have discovered that the TeamTNT cybercrime group has gained a new capability for hiding its malicious processes. TeamTNT has upgraded its Linux cryptomining malware with open-source detection-evasion capabilities.
The group is well known for targeting and compromising Internet-exposed Docker instances for unauthorized Monero (XMR) mining. The group has also shifted techniques by updating its Linux malware, named Black-T, to obtain user credentials from infected servers.
AT&T Alien Labs security researcher Ofer Caspi says, “The group is using a new detection evasion tool, copied from open source repositories.”
The tool, known as libprocesshider, is an open-source project available on GitHub. It hides any chosen Linux process by being loaded into every program through the dynamic linker's preload mechanism (LD_PRELOAD or /etc/ld.so.preload), where it intercepts directory reads of /proc so that tools such as ps and top never see the process.
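A defender's check for this class of hiding technique, added here as an illustration and not taken from the article or from the libprocesshider project: a preload library that filters readdir() results can only hide a PID from directory listings, so a PID that can still be reached by a direct stat() of /proc/&lt;pid&gt; but is missing from a listing of /proc is a strong indicator. The script also reports any libraries named in /etc/ld.so.preload, which on most hosts should be empty. Paths and the fallback pid_max value are assumptions for the example.

```python
import os
from typing import Dict, Iterable, List

# System-wide preload list honoured by the dynamic linker (assumed standard path).
PRELOAD_FILE = "/etc/ld.so.preload"


def parse_preload(text: str) -> List[str]:
    """Return the library paths listed in an ld.so.preload body, ignoring comments/blanks."""
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.extend(line.split())
    return libs


def hidden_pids(listed: Iterable[str], probed: Iterable[int]) -> List[int]:
    """PIDs reachable by direct path lookup but absent from the directory listing.

    `listed` is the raw entry names of /proc (may include non-PID names such as 'self').
    `probed` is the PIDs found by stat()ing /proc/<pid> directly.
    """
    listed_set = {int(name) for name in listed if name.isdigit()}
    return sorted(pid for pid in probed if pid not in listed_set)


def read_max_pid() -> int:
    """Upper bound for PID probing; 32768 is the assumed fallback if the sysctl is unreadable."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 32768


def probe_pids(max_pid: int) -> List[int]:
    """Enumerate PIDs with stat() on /proc/<pid>; a readdir-filtering hook does not affect stat()."""
    return [pid for pid in range(1, max_pid + 1) if os.path.isdir(f"/proc/{pid}")]


def read_preload_libs(path: str = PRELOAD_FILE) -> List[str]:
    """Libraries currently forced into every dynamically linked process via ld.so.preload."""
    try:
        with open(path) as f:
            return parse_preload(f.read())
    except OSError:
        return []


def scan() -> Dict[str, List]:
    """Run both checks on the live host and return the findings."""
    listed = os.listdir("/proc")          # goes through readdir(), which a hider can filter
    probed = probe_pids(read_max_pid())   # goes through stat(), which it cannot
    return {
        "preload_libs": read_preload_libs(),
        "hidden_pids": hidden_pids(listed, probed),
    }


if __name__ == "__main__":
    result = scan()
    print("ld.so.preload entries:", result["preload_libs"] or "none")
    print("PIDs hidden from directory listing:", result["hidden_pids"] or "none")
```

Because `os.listdir` itself calls readdir(), the scanner is subject to the same hook as ps when run on a compromised host; that is exactly why the second enumeration path avoids readdir(). A process that exits between the two enumerations can appear as a false positive, so confirm any reported PID with a second run before acting on it. Probing up to a large pid_max (4194304 on many modern kernels) takes a few seconds but needs no privileges.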
Read more: BleepingComputer