• AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    35
    ·
    2 years ago

    This is the best summary I could come up with:


    Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

    In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021.

    The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation.

    The Trend Micro researchers eventually named their discovery SprySOCKS, with “spry” denoting its swift behavior and the added SOCKS component.

    Besides showing interest in espionage activities, Earth Lusca seems financially motivated, with sights set on gambling and cryptocurrency companies.

    Monday’s Trend Micro report provides IP addresses, file hashes, and other evidence that people can use to determine if they’ve been compromised.


    The original article contains 537 words, the summary contains 143 words. Saved 73%. I’m a bot and I’m open source!

    • Shdwdrgn@mander.xyz
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      3
      ·
      2 years ago

      A Chinese government group, you say? They shall henceforth be known as Stone Pooh.

  • GnuLinuxDude@lemmy.ml
    link
    fedilink
    arrow-up
    18
    ·
    2 years ago

    Did I miss it in the article? I cannot determine what the attack vector is. Am I downloading a malicious file? Am I running an insecure publicly facing service?

    • placatedmayhem@lemmy.ml
      link
      fedilink
      English
      arrow-up
      17
      ·
      2 years ago

      This is the backdoor that’s deployed after a host is compromised. How the host is compromised is somewhat irrelevant. It could be exploited manually, social engineering, a worm, etc.

    • floofloof@lemmy.ca
      link
      fedilink
      English
      arrow-up
      18
      ·
      edit-2
      2 years ago

      There’s a surprising lack of them, and rather too many people who say “if you get a virus in Linux you’re doing Linux wrong.” ClamAV is readily available but pretty basic, slow at scanning, not real-time, and erring on the side of false positives. The commercial options are all sold to businesses under those “contact us and we’ll tell you what it costs once we’ve figured out how much money you have” pages. And if you search for answers you find a lot of recommendations for AV products that don’t seem to exist any more.

      • piexil@lemmy.world
        link
        fedilink
        arrow-up
        10
        ·
        edit-2
        2 years ago

        A lot of those enterprise solutions like crowdstrike are a pain in the ass because they use a binary kernel module that supports like 5 kernels at most too

      • Shaolin Shrimp@lemmy.ml
        link
        fedilink
        arrow-up
        16
        ·
        2 years ago

        Thanks, my government (UK) has banned Kaspersky for use in their infrastructure, so I’ll follow their advice for my own. Not mentioned in the replies is BitDefender, I see they have a solution as well, I’ll evaluate.

        • FigMcLargeHuge@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 years ago

          Maybe Crowdstrike? I know I see it on our linux machines. I am not endorsing it one way or the other. I will say that we have had a couple of incidents where I thought it was taking up more cpu in a high cpu situation, but our admins turned it off, and that wasn’t the problem. So I guess it’s working ok. One of their updates caused some issues one time, and I don’t recall the exact details, but I think that was a one off and they haven’t done it again.