Perfctl Malware Targets Linux System Files

By | 2024-10-04

The new Linux malware “Perfctl” is targeting millions of servers globally by mimicking legitimate system files to evade detection. Discovered by Aqua Nautilus, the malware exploits misconfigurations and vulnerabilities, primarily for cryptomining and hijacking system resources. It has been active for several years but recently gained attention after attacking a honeypot.

Perfctl uses rootkits and advanced evasion techniques, such as suspending activity when new users log in and using Unix sockets and the Tor network to hide its operations. The attack starts by downloading a payload, which replicates itself across the system under different names to ensure persistence. The malware’s primary goal is cryptomining, but it also engages in proxy-jacking and attempts to exploit the Polkit vulnerability (CVE-2021-4043) for root access.
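One way to look for the "same payload under different names" persistence pattern described above is to hash executables and report identical content stored under different file names. This is an added example, not code from this page or from Aqua Nautilus; the function name and the choice of directories to scan are assumptions.

```shell
#!/usr/bin/env bash
# Added example: list executable files that have identical content but
# different file names, the footprint a self-copying payload leaves behind.
# Usage (directories are the defender's choice, e.g. /tmp /usr/bin /root):
#   find_renamed_copies DIR [DIR...]

find_renamed_copies() {
    # Hash every non-empty regular file with the owner-execute bit set,
    # sort so equal digests are adjacent, then group them in awk.
    find "$@" -xdev -type f -perm -u+x -size +0 -print0 2>/dev/null |
        xargs -0 -r sha256sum 2>/dev/null |
        sort |
        awk '
            {
                digest = $1
                path = substr($0, 67)   # 64 hex chars + 2 separator chars
                n = split(path, parts, "/")
                base = parts[n]
                if (digest != prev) {
                    flush()
                    prev = digest; count = 0; names = 0
                    delete seen
                }
                paths[++count] = path
                if (!(base in seen)) { seen[base] = 1; names++ }
            }
            END { flush() }
            # Report a group only when the same bytes appear under at least
            # two different base names.
            function flush(   i) {
                if (count > 1 && names > 1) {
                    print "DUPLICATE " prev
                    for (i = 1; i <= count; i++) print "  " paths[i]
                }
            }
        '
}
```

Hard links and multi-call binaries that are legitimately installed under several names will also be listed, so each group needs review against the package manager's file list before it is treated as suspicious.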

To mitigate risks, system administrators are advised to keep their systems updated, conduct vulnerability assessments, and use robust security measures like firewalls and endpoint protection.

Author: dwirch

Derek Wirch is a seasoned IT professional with an impressive career dating back to 1986. He brings a wealth of knowledge and hands-on experience that is invaluable to those embarking on their journey in the tech industry.
