BleepingComputer reports that North American and Asian government entities and universities have been subjected to intrusions involving the new evasive Auto-Color Linux backdoor from November to December.Attacks commenced with the execution of seemingly harmless files that install an evasive library before renaming the malicious payload to Auto-Color in instances when root privileges are available while malware injection without persistence occurs in the absence of root access, according to a report from the Palo Alto Networks Unit 42 threat intelligence team.After establishing command-and-control communications and decrypting C2 server details, Auto-Color could conduct reverse shell opening for total remote access, arbitrary command execution, file creation or modification for more extensive compromise, proxy activities, and configuration alterations while catching system calls and removing evidence of infections.Auto-Color’s covert nature should prompt organizations to track malicious activity within ‘/etc/ld.preload,’ and ‘/proc/net/tcp’ while adopting behavior-based threat detection systems to mitigate possible compromise.
Attacks with novel Auto-Color Linux backdoor deployed in North America, Asia
