Auto-Color: An Emerging and Evasive Linux Backdoor
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Auto-Color is a newly discovered Linux malware that employs sophisticated evasion techniques. It renames itself to benign-looking filenames, hides its remote C2 connections using advanced methods similar to those of the Symbiote malware, and uses proprietary encryption for its communications. The malware installs a malicious library implant that intercepts system calls in order to conceal its network activity. It gives threat actors full remote access to compromised machines and is difficult to remove. Auto-Color primarily targets universities and government offices in North America and Asia. Its C2 protocol consists of a simple handshake followed by encrypted messages used to issue commands. Its capabilities include file operations, network proxying, and the creation of reverse shells.
OPENCTI LABELS:
backdoor,c2,linux,evasion,government,reverse shell,encryption,proxy,universities,auto-color,library implant,symbiote