"New Stealthy OrBit Malware Steals Data From Linux Devices"

A newly discovered Linux malware, dubbed OrBit by Intezer Labs, is being used to steal information from backdoored Linux systems and infects every running process. OrBit hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices. It can gain persistence in two ways, which complicates removal attempts, but it can also be used as a volatile implant when copied into shim memory. It evades detection, controls process behavior, and maintains persistence by injecting itself into new processes. For example, once it has injected into a running process, OrBit can manipulate that process's output to conceal its presence by filtering out what gets logged. According to Intezer Labs, the malware employs advanced evasion techniques and gains persistence on the machine by hooking key functions, granting threat actors remote access via SSH, harvesting credentials, and logging TTY commands. This article continues to discuss the capabilities of OrBit malware and the surge in Linux malware.
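The hijacking technique described above relies on the dynamic loader honouring a preload list, either the LD_PRELOAD variable the summary mentions or the system-wide /etc/ld.so.preload file that glibc's loader also reads. The following is an added example, not code from Intezer or BleepingComputer, that parses both channels the way the loader does (whitespace- or colon-separated entries, '#' comments) and reports preloads that are not on an allowlist. The allowlist entry, the list of suspicious directories, and the sample /etc/ld.so.preload text and /proc/<pid>/environ blobs are constructed for the demonstration.

```python
"""Hunt for LD_PRELOAD-style shared-library hijacking on a Linux host.

Added example (not code from the OrBit report). It inspects the two
user-space preload channels glibc's dynamic loader honours:

  1. /etc/ld.so.preload  - system-wide, injected into every new process
  2. LD_PRELOAD in a process's environment, read from /proc/<pid>/environ
"""
import os
import re
from typing import Dict, List, Tuple

# Hypothetical allowlist: preloads you expect on this host (e.g. an EDR hook).
ALLOWLIST = {"/usr/lib/x86_64-linux-gnu/libaudit-hook.so"}

# Locations no legitimate preload library should be loaded from (constructed list).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")

# ld.so splits both LD_PRELOAD and ld.so.preload on whitespace or ':'.
_SEP = re.compile(r"[:\s]+")


def parse_preload_file(text: str) -> List[str]:
    """Return library paths from /etc/ld.so.preload; '#' introduces a comment."""
    entries: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(p for p in _SEP.split(line) if p)
    return entries


def parse_environ(blob: bytes) -> Dict[str, str]:
    """Decode /proc/<pid>/environ: NUL-separated KEY=VALUE pairs."""
    env: Dict[str, str] = {}
    for item in blob.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep:
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def preloads_in_env(env: Dict[str, str]) -> List[str]:
    """Library paths named in a process's LD_PRELOAD, if any."""
    return [p for p in _SEP.split(env.get("LD_PRELOAD", "")) if p]


def classify(path: str) -> str:
    """Verdict for one preload entry; 'ok' means allowlisted."""
    if path in ALLOWLIST:
        return "ok"
    if not path.startswith("/"):
        return "relative-path"            # resolved via the library search path
    if path.startswith(SUSPICIOUS_DIRS):
        return "user-writable-location"
    return "unexpected"


def hunt(preload_text: str, environs: Dict[int, bytes]) -> List[Tuple[str, str, str]]:
    """Return (source, path, verdict) for every preload that is not allowlisted."""
    findings: List[Tuple[str, str, str]] = []
    for path in parse_preload_file(preload_text):
        verdict = classify(path)
        if verdict != "ok":
            findings.append(("/etc/ld.so.preload", path, verdict))
    for pid, blob in environs.items():
        for path in preloads_in_env(parse_environ(blob)):
            verdict = classify(path)
            if verdict != "ok":
                findings.append((f"pid {pid} LD_PRELOAD", path, verdict))
    return findings


def collect_live() -> Tuple[str, Dict[int, bytes]]:
    """Read the real host; processes we cannot read (EPERM, exited) are skipped."""
    try:
        with open("/etc/ld.so.preload", encoding="utf-8", errors="replace") as f:
            preload_text = f.read()
    except FileNotFoundError:
        preload_text = ""
    environs: Dict[int, bytes] = {}
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                with open(f"/proc/{name}/environ", "rb") as f:
                    environs[int(name)] = f.read()
            except OSError:
                continue
    return preload_text, environs


# Constructed sample data: a system-wide entry tucked behind a trailing comment,
# one process with a planted LD_PRELOAD, one with the allowlisted hook, one clean.
SAMPLE_PRELOAD_FILE = (
    "# managed by config tool\n"
    "/usr/lib/x86_64-linux-gnu/libaudit-hook.so\n"
    "/tmp/.X11-unix/.cache/libc2.so  # runtime\n"
)
SAMPLE_ENVIRONS = {
    1234: b"PATH=/usr/bin\0LD_PRELOAD=/dev/shm/.s/libc.so.7\0HOME=/root\0",
    2345: b"LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libaudit-hook.so\0",
    3456: b"PATH=/usr/bin\0SHELL=/bin/bash\0",
}

if __name__ == "__main__":
    # Swap in hunt(*collect_live()) to run against the real host.
    for source, path, verdict in hunt(SAMPLE_PRELOAD_FILE, SAMPLE_ENVIRONS):
        print(f"{verdict:24} {source:22} {path}")
```

Because the summary notes that an injected process can filter its own output, run this from a process that the implant has not been loaded into (a statically linked tool, or a live-boot rescue image against the mounted disk); a hooked shell or Python interpreter reading /proc may be shown a sanitised view. A preload planted by patching the loader binary itself, rather than through either of these two lists, will not appear here, so pair the check with an integrity comparison of ld.so against the package manager's recorded hash.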

Bleeping Computer reports "New Stealthy OrBit Malware Steals Data From Linux Devices"

Submitted by Anonymous on