Unit 42 spots a new Linux malwareAuto-color can grant the attackers full access to compromised endpointsInitial infection vector is unknown, but universities and governments hitUniversities and government offices in North America and Asia are being targeted by a brand new Linux backdoor called “Auto-color”, experts have claimed.Cybersecurity researchers from Palo Alto Networks' Unit 42 revealed in early November 2024, it came across a backdoor which was relatively difficult to spot, and impossible to remove without specialized software.The backdoor was capable of opening a reverse shell to give the attackers full remote access, running arbitrary commands on the target system, tampering with local files, acting as a proxy, or dynamically modifying its configuration. The malware also comes with a kill switch, which allows the threat actors to remove all evidence of compromise and thus make analysis and forensics more difficult.Dangerous threatGiven its advanced obfuscation features, and an extensive list of dangerous capabilities, Auto-color was described as a very dangerous threat. However, Unit 42 could not attribute it to any known threat actor, nor did it want to discuss the victims in more detail. Therefore, we don’t know how many organizations were infected, nor what the end goal of the campaign is.What’s also unknown is how the victims got infected in the first place. Unit 42 says the initial infection vector is unknown, but added it has to start with the victim executing a file on the target system. The file usually has a benign name, such as “door”, “log”, or “egg”.Linux malware is becoming more sophisticated and widespread due to increased Linux adoption in cloud computing, enterprise servers, and IoT devices. Cybercriminals are shifting focus from traditional Windows targets to include Linux environments, exploiting misconfigurations, unpatched vulnerabilities, and weak security practices.The rise of malware-as-a-service (MaaS) and automated attack tools also makes Linux-based threats more effective, as well.Via BleepingComputerYou might also likeLinux devices hit with even more new malware, this time from Chinese hackersWe've rounded up the best password managersTake a look at our guide to the best authenticator app