A new piece of malware has been found that is specifically designed to target Linux servers. The malware, called Mélofée, was discovered by the French cybersecurity firm ExaTrack. Mélofée is a kernel-mode rootkit based on the open source project Reptile. The rootkit has a limited set of features, mainly designed for hiding itself.

The malware is deployed using shell commands that download an installer and a custom binary package from a remote server. The installer takes the binary package as an argument and then extracts the rootkit as well as a server implant module that is currently under active development. Mélofée's features are no different from those of other backdoors of its kind: it contacts a remote server and receives instructions that let it carry out file operations, create sockets, launch a shell, and execute arbitrary commands.

The malware's ties to China come from infrastructure overlaps with groups such as APT41 (aka Winnti) and Earth Berberoka (aka GamblingPuppet).

Mélofée is just the latest example of malware built specifically for Linux servers, a growing trend as more businesses rely on Linux servers for their operations, and one that is likely to continue as Linux servers become more widespread.
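Because the rootkit's main job is hiding itself, the defensive question for an administrator is how to notice a loadable kernel module that no longer shows up in `lsmod`. The script below is an added example, not code from ExaTrack's write-up or from the Reptile project: it cross-checks the module names in `/proc/modules` (what `lsmod` reads) against the loadable-module entries under `/sys/module`, using the presence of an `initstate` file to tell loaded modules apart from built-in ones. The sample `/proc/modules` text and the sysfs name list, including the name `evil_lkm`, are constructed for the test, and the heuristic assumes a hiding routine that unlinks the module from the kernel's module list but leaves its sysfs directory behind; a rootkit that also removes its sysfs kobject will not be caught by this check.

```python
"""Cross-check loaded kernel modules against sysfs (added, generic heuristic).

Loadable-kernel-module rootkits commonly hide by unlinking themselves from the
kernel's module list, which is what /proc/modules and lsmod read. When the
hiding routine leaves /sys/module/<name> in place, a name that is present in
sysfs as a loaded module but absent from /proc/modules deserves a closer look.
Assumption: the sysfs entry survives; if it is removed too, this check is blind.
"""
import os
from typing import Iterable, List

PROC_MODULES = "/proc/modules"
SYS_MODULE_DIR = "/sys/module"

# Constructed sample of /proc/modules output (two ordinary modules listed).
SAMPLE_PROC_MODULES = """\
ext4 950272 2 - Live 0x0000000000000000
overlay 147456 0 - Live 0x0000000000000000
"""

# Constructed list of sysfs entries that carry an 'initstate' file.
# 'evil_lkm' is a placeholder name standing in for an unlisted module.
SAMPLE_SYSFS_LIVE = ["ext4", "overlay", "evil_lkm"]


def parse_proc_modules(text: str) -> List[str]:
    """Return the module names from /proc/modules text (first field per line)."""
    names: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        names.append(line.split()[0])
    return names


def collect_live_sysfs_modules(sys_module_dir: str = SYS_MODULE_DIR) -> List[str]:
    """Names under /sys/module that belong to loaded modules.

    Built-in code also gets a /sys/module/<name> directory (for parameters),
    but only a loaded module has an 'initstate' file, so that file is used as
    the discriminator.
    """
    if not os.path.isdir(sys_module_dir):
        return []
    live: List[str] = []
    for name in sorted(os.listdir(sys_module_dir)):
        if os.path.isfile(os.path.join(sys_module_dir, name, "initstate")):
            live.append(name)
    return live


def find_hidden_modules(proc_names: Iterable[str],
                        sysfs_live_names: Iterable[str]) -> List[str]:
    """Return module names visible in sysfs but missing from the module list."""
    listed = set(proc_names)
    return sorted(n for n in sysfs_live_names if n not in listed)


def check_running_system() -> List[str]:
    """Run the comparison on the live host; empty list if /proc/modules is absent."""
    if not os.path.isfile(PROC_MODULES):
        return []
    with open(PROC_MODULES, encoding="utf-8") as fh:
        proc_names = parse_proc_modules(fh.read())
    return find_hidden_modules(proc_names, collect_live_sysfs_modules())


if __name__ == "__main__":
    # Demonstrate on the constructed sample first, then on the real host.
    sample = find_hidden_modules(parse_proc_modules(SAMPLE_PROC_MODULES),
                                 SAMPLE_SYSFS_LIVE)
    print("sample discrepancies:", sample)
    print("host discrepancies:", check_running_system())
```

Run it as root or as any user that can read `/proc/modules` and `/sys/module`; a non-empty host result is a prompt to inspect the named module (its `/sys/module/<name>/sections` and the running kernel's logs), not proof of compromise on its own, since a module can legitimately be mid-unload.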