
perfctl: A Stealthy Malware Targeting Millions of Linux Servers

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, and Tor communication. It primarily focuses on cryptomining and proxy-jacking. Its persistence mechanisms involve modifying system files and dropping userland rootkits. It targets specific architectures and uses various methods to remain undetected, including hooking critical system functions. The campaign has potentially affected thousands of victims and demonstrates a high level of sophistication in its design and execution.

OPENCTI LABELS:

linux,evasion,cryptomining,tor,rootkit,privilege-escalation,persistence,cve-2023-33246,cve-2021-4043,proxy-jacking,perfctl

