A 20-year-old Trojan horse has recently resurfaced, according to a Dark Reading report: “A new variant exists that targets Linux and evades detection by impersonating trusted host domains.”
Palo Alto Networks researchers have discovered a new Linux variant of the Bifrost (also known as Bifrose) malware that uses a deceptive technique known as typosquatting to mimic legitimate VMware domains. This allows the malware to stay under the radar. Bifrost is a remote access Trojan (RAT) that has been active since 2004 and collects sensitive information from compromised systems, such as hostnames and their IP addresses.
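Typosquatting of this kind can be hunted for in DNS logs by comparing queried names against the domains an organization actually trusts. The following is an added example, not code from the researchers or the article; the query data, the `.example` look-alike names and the distance threshold are constructed assumptions.

```python
# Added example (not from the article): flag DNS lookups that nearly match a trusted domain.
TRUSTED = ["vmware.com"]  # the article says legitimate VMware domains are being mimicked

# Constructed sample (client IP, queried name); look-alikes use the reserved .example TLD.
SAMPLE_QUERIES = [
    ("10.0.0.5", "download.vmware.com"),      # legitimate
    ("10.0.0.7", "download.vmwrae.example"),  # transposed letters
    ("10.0.0.7", "update.vmvvare.example"),   # "w" imitated by "vv"
    ("10.0.0.9", "archive.ubuntu.com"),       # unrelated
]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    """Last two labels; a simplification that ignores multi-label suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_lookalikes(queries, trusted=TRUSTED, max_dist=2):
    """Return (client, host, trusted_domain, distance) for near-miss domains."""
    hits = []
    for client, host in queries:
        dom = registrable(host)
        if dom in trusted:
            continue  # exact match to a trusted domain
        for good in trusted:
            dist = osa_distance(dom.split(".")[0], good.split(".")[0])
            if dist <= max_dist:  # near-miss label, or same label under another TLD
                hits.append((client, host, good, dist))
    return hits

if __name__ == "__main__":
    for client, host, good, dist in find_lookalikes(SAMPLE_QUERIES):
        print("lookalike of %s (distance %d): %s queried by %s" % (good, dist, host, client))
```

A threshold of 2 will also match some short unrelated names, so hits are leads for review rather than verdicts.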
There has been a worrying proliferation of Bifrost Linux variants over the past few months. Palo Alto Networks detected more than 100 instances of Bifrost samples. This “has raised concerns among security professionals and organizations,” researchers Anmol Muliya and Siddharth Sharma wrote in the company's newly published research findings.
Additionally, they said there is evidence that cyberattackers are also using malicious IP addresses associated with the Linux variants to host ARM versions of Bifrost, further expanding Bifrost's attack surface. “As ARM-based devices become more common, cybercriminals will possibly change their tactics to incorporate ARM-based malware, increasing their attacks and reaching more targets.”