"New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion"

Researchers have discovered a new Linux variant of a Remote Access Trojan (RAT) called BIFROSE, also known as Bifrost. It uses a deceptive domain that spoofs VMware. According to researchers at Palo Alto Networks' Unit 42, the new version of Bifrost bypasses security measures and compromises targeted systems. BIFROSE has previously been offered for sale in underground forums for up to $10,000. The malware was used by BlackTech, a state-backed hacking group from China that has targeted organizations in Japan, Taiwan, and the US. This article continues to discuss findings and observations behind the new BIFROSE Linux malware variant.

THN reports "New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion"

Submitted by grigby1
