toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#rootkit


Analysis of #Koske #miner.

It is an AI-generated #Linux #malware which was hidden in images with pandas. It supports a wide variety of coinminers for various cryptocurrencies, for GPUs and for different CPU architectures. Another of its components, the #rootkit #hideproc, tries to hide the Koske miner from file listings and process listings.

malwarelab.eu/posts/koske-pand

Video from #anyrun analysis:

youtube.com/watch?v=1OSPp996XQ4
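A hideproc-style component usually works by filtering the directory listing of /proc, so `ps` and `ls /proc` no longer show the miner's PID while the process itself keeps running. The classic check (the same idea the `unhide` tool uses) is to diff that listing against a direct per-PID probe. The script below is an added example and is not code from the Koske analysis or from malwarelab.eu; the `DEMO_*` sets are constructed to stand in for a hooked listing and the kernel's real view, and `scan_host()` runs the same diff against the live /proc of a Linux host.

```python
"""Spot processes hidden from the /proc directory listing.

Added example, not from the Koske write-up. A getdents-hooking rootkit
removes its PID from the listing, but kill(pid, 0) still reaches the
process: the kernel answers ESRCH for an absent PID and EPERM for one
owned by another user. Diffing the two views exposes the hidden PID.
"""
import os
from typing import Callable, Iterable, Set

PID_MAX_FALLBACK = 4194304  # Linux default pid_max on 64-bit kernels


def listed_pids(proc_root: str = "/proc") -> Set[int]:
    """PIDs as reported by the directory listing (what ps and top see)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def thread_ids(listed: Set[int], proc_root: str = "/proc") -> Set[int]:
    """TIDs of every listed process. kill(tid, 0) succeeds for a thread ID
    too, so without this step every multi-threaded process produces false
    'hidden' hits (a well-known caveat of this technique)."""
    tids: Set[int] = set()
    for pid in listed:
        try:
            tids.update(int(t) for t in os.listdir(f"{proc_root}/{pid}/task") if t.isdigit())
        except OSError:  # process exited between the listing and this read
            pass
    return tids


def pid_exists_by_signal(pid: int) -> bool:
    """Probe one PID with signal 0: nothing is delivered, only existence is checked."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:      # exists, but belongs to another user
        return True


def read_pid_max(proc_root: str = "/proc") -> int:
    try:
        with open(os.path.join(proc_root, "sys/kernel/pid_max")) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return PID_MAX_FALLBACK


def find_hidden_pids(known: Set[int], probe: Callable[[int], bool],
                     candidates: Iterable[int]) -> Set[int]:
    """PIDs that answer a direct probe but are absent from the listing."""
    return {pid for pid in candidates if pid not in known and probe(pid)}


def scan_host(proc_root: str = "/proc") -> Set[int]:
    """Run the real check on this host (a few seconds for 4M PIDs in Python)."""
    listed = listed_pids(proc_root)
    known = listed | thread_ids(listed, proc_root)
    return find_hidden_pids(known, pid_exists_by_signal, range(1, read_pid_max(proc_root)))


# Constructed demo data: a hooked listing versus the kernel's real view.
DEMO_LISTED = {1, 2, 100, 2345}           # what the filtered getdents returns
DEMO_KERNEL = {1, 2, 100, 2345, 31337}    # what kill(pid, 0) actually answers for


def demo() -> Set[int]:
    """Diff the constructed views; the hidden miner PID is the difference."""
    return find_hidden_pids(DEMO_LISTED, DEMO_KERNEL.__contains__, range(1, 65536))


if __name__ == "__main__":
    print("demo hidden PIDs:", sorted(demo()))
    if os.path.isdir("/proc"):
        print("host hidden PIDs:", sorted(scan_host()))
```

A rootkit that also hooks `kill` or `/proc/<pid>/status` defeats this single probe, so treat an empty result as one negative signal, not as a clean bill of health; the TID filter matters because otherwise every thread of a normal daemon shows up as "hidden".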

Whoa, hold up! 🤯 There's a new Linux rootkit dubbed "Curing" out in the wild, and it's got a nasty trick: leveraging `io_uring` to slip right past traditional security tools. Why? Because most of those tools are laser-focused on system calls... which `io_uring` can bypass.

So, what's the deal with `io_uring`? Picture an application chatting directly with the kernel, essentially skipping the front desk where system calls usually check in. "Curing" exploits this direct line for its command-and-control communication, leaving *none* of the usual suspicious system call footprints. Talk about stealth mode! And heads up – Google has actually been warning about the potential risks here for some time.

Speaking from a pentester's perspective, this is yet another stark reminder: just relying on "basic" security isn't going to cut it. We really need to dive deeper, get our hands dirty with kernel-level analysis and understanding. Let's be clear: running automated scans is *not* the same as a thorough penetration test!

What about you? Are you utilizing `io_uring` in your environment? What kind of security measures have you put in place around it? Seriously curious – how do you see kernel security evolving from here? Let's discuss! 👇
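One cheap control to put around `io_uring`, as an added example that is not part of the post above nor code from the Curing write-up: inventory which processes hold a ring at all, and check whether the kernel's kill switch is set. A process doing its file and socket I/O through the rings still shows up in /proc/<pid>/fd with a link target of `anon_inode:[io_uring]`, and since Linux 6.6 the sysctl `kernel.io_uring_disabled` (0 = allowed, 1 = only root and members of `io_uring_group`, 2 = disabled for everyone) can turn the interface off. The `build_demo_proc()` tree is constructed so the script runs offline; pass the real `/proc` to `io_uring_users()` and `io_uring_disabled()` on a host.

```python
"""Inventory io_uring users and the io_uring_disabled sysctl.

Added example, not from the Curing analysis. Syscall-centric monitoring
sees only io_uring_setup/io_uring_enter for a ring-based process, so
knowing which PIDs own a ring fd is a useful complementary check.
"""
import os
import tempfile
from typing import Dict, List, Optional, Tuple

RING_TARGET = "anon_inode:[io_uring]"   # readlink() result for a ring fd


def io_uring_users(proc_root: str = "/proc") -> Dict[int, List[int]]:
    """Map PID -> fd numbers that are io_uring rings. Reading another
    user's fd directory needs root; unreadable processes are skipped."""
    users: Dict[int, List[int]] = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:           # exited, or not ours
            continue
        rings = []
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == RING_TARGET:
                    rings.append(int(fd))
            except OSError:       # fd closed under us
                continue
        if rings:
            users[int(name)] = sorted(rings)
    return users


def io_uring_disabled(proc_root: str = "/proc") -> Optional[int]:
    """kernel.io_uring_disabled (0/1/2), or None on kernels older than 6.6."""
    try:
        with open(os.path.join(proc_root, "sys/kernel/io_uring_disabled")) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def build_demo_proc(root: str) -> None:
    """Constructed /proc look-alike: PID 4242 holds a ring on fd 5, PID 7 does not,
    and the (hypothetical) host leaves io_uring enabled."""
    layout = {4242: {"0": "/dev/null", "5": RING_TARGET}, 7: {"0": "/dev/pts/0"}}
    for pid, links in layout.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        for fd, target in links.items():
            os.symlink(target, os.path.join(fd_dir, fd))
    os.makedirs(os.path.join(root, "sys", "kernel"))
    with open(os.path.join(root, "sys", "kernel", "io_uring_disabled"), "w") as fh:
        fh.write("0\n")


def demo() -> Tuple[Dict[int, List[int]], Optional[int]]:
    """Run both checks against the constructed tree."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_proc(root)
        return io_uring_users(root), io_uring_disabled(root)


if __name__ == "__main__":
    users, setting = demo()
    print("demo ring owners:", users, "io_uring_disabled =", setting)
    if os.path.isdir("/proc"):
        print("host ring owners:", io_uring_users(), "io_uring_disabled =", io_uring_disabled())
```

On a fleet where nothing legitimately uses `io_uring`, setting the sysctl to 2 removes the whole evasion path; where databases or proxies do use it, the inventory gives you an allow-list to alert against rather than a blanket block.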

"Passwort" Episode 25: State-sanctioned snooping software

This time the podcast hosts take on a controversial topic: companies install malware via security vulnerabilities, and they do so on behalf of the state.

heise.de/news/Passwort-Folge-2

heise online · "Passwort" Episode 25: State-sanctioned snooping software, by Dr. Christopher Kunz

@hon1nbo @foone As a matter of fact, both #Valve and #cheaters are looking into that already as a means to [combat / do] #cheating in games, as an external machine that intercepts #HDMI / #DisplayPort & #USB could make "undetectable" cheats, except if it results in players becoming too good to be true...

The Latest Linux Rootkit PUMAKIT Mastering Stealth Evasion
Are you ready to dive into the world of cybersecurity and explore the latest Linux rootkit, PUMAKIT? Buckle up, because we're about to take a deep dive into this sophisticated loadable kernel module (LKM).
#Linux #Rootkit #PUMAKIT #CyberSecurity #StealthEvasion #Hacking #InfoSec #Malware #TechTrends #DigitalSecurity #hack #privacy #news #tech #hackers
cloudhosting.evostrix.eu/the-l

#SaltTyphoon hackers backdoor #telcos with new #GhostSpider #malware
The backdoor was discovered by Trend Micro, which has been monitoring Salt Typhoon's attacks against critical infrastructure and government organizations worldwide.
Along with GhostSpider, Trend Micro discovered that the threat group also uses a previously documented #Linux backdoor named '#MasolRAT,' a #rootkit named '#Demodex,' and a modular backdoor shared among #China #APT groups named '#SnappyBee.'
bleepingcomputer.com/news/secu

Some thoughts on North Korea hacking a bunch of crypto bros with a Chromium exploit two weeks ago:

1. We all owe #crypto bros a big "thank you" for drawing most of the incoming fire from highly skilled financial threat actors. The irreversible nature of crypto transactions coupled with the lack of technical literacy and high gullibility revealed by buying a monkey JPG for the price of a small house makes it almost pointless for #LazarusGroup to bother targeting any other kind of person so to the bros I say: thank you for all that you do to keep us safe 🫡.

2. Very fitting that North Korea's crypto stealing rootkit is named #FudModule. Almost too good, really.

More on FudModule: decoded.avast.io/janvojtesek/l

Microsoft presser: microsoft.com/en-us/security/b