
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)

posted by Roy Schestowitz on Nov 24, 2024

FUD watch: all of the links in the trailing citations below are a form of FUD (Fear, Uncertainty, Doubt), fear-mongering and dramatisation, so we must put them in context.

Microsoft and ESET

TODAY we belatedly catch up with FUD [1-12] (after spending a week with family). The articles below are probably not the end of it, but it's all we've found so far.

Some of these articles are pure FUD and some are barely accessible (or, as an associate said, probably skippable because of either of those issues). We don't want to comment on each of them individually but instead remind people of ESET's collaborations with Microsoft. ESET habitually spreads anti-Linux 'studies' or 'research' at times that are strategic to Microsoft.

Looking at one "sample" of the FUD (from a site that is not Microsoft-connected, unlike some of the sites below), the associate said: "Rootkits are not a big deal [and] if the article does not give a hint about delivery. It seems like mostly a FUD campaign."

I had noticed the same and sought a second opinion. They also misuse the term "backdoor" and try to imply that Linux itself has back doors.

Why now? What's the point of this?

Well, there are real back doors being exploited by China and they have nothing to do with "Linux". The media mentioned them a few days ago, but it blamed "China" instead of those who put the back doors there. As the associate said, "there's no mention of the real culprit, CALEA and CALEA2."

So what we have are real issues - an abundance of back doors, including the ones in Microsoft's products. But instead the media talks about "Linux", citing an Estonian partner of Microsoft.

"The Microsoft Effect," as the associate put it, implies that "all computers are insecure at some level so stay with Microsoft even though there are drastic differences in the levels of insecurity between Microsoft and non-Microsoft systems."

In one of the pieces below, "Microsoft mouthpieces try to play it up," our associate concluded.

While it's unwise to give visibility or publicity to bad pieces, adding some context to them and framing them as FUD can hopefully help.

Related/contextual items from the news:

  1. Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware

    A new Linux backdoor named WolfsBane has been recently uncovered by the ESET researchers, attributed to the Gelsemium advanced persistent threat (APT) group.

    This discovery marks the first public report of Gelsemium using Linux malware, signaling a shift in their operational strategy. WolfsBane is identified as the Linux counterpart of Gelsevirine, a known Windows malware used by Gelsemium.

  2. Researchers unearth two previously unknown Linux backdoors

    ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood.

  3. Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

    The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia.

  4. Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

    ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

  5. Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

    In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

    Two well-documented Chinese backdoors have recently been modified to operate on Linux systems.

  6. Chinese hackers target Linux with new WolfsBane malware

    A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group.

  7. China-linked hackers target Linux systems with new spying malware

    The group deployed Linux backdoors in a campaign likely focused on Taiwan, the Philippines, and Singapore.

  8. Chinese hackers exploit GNU/Linux with new WolfsBane malware

    ESET researchers uncover "WolfsBane," a GNU/Linux backdoor linked to the China-based Gelsemium group.

  9. Unmasking WolfsBane: Gelsemium’s New Linux Weapon

    ESET researchers have uncovered WolfsBane, a Linux cyberespionage backdoor attributed with high confidence to the Gelsemium advanced persistent threat (APT) group. This discovery is a major development, as it is the first public report of Gelsemium deploying Linux malware.

  10. Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

    Attacks with Wolfsbane — which is suspected to be a port of Gelsemium's Windows malware — commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed. Also discovered to be leveraged by Gelsemium in targeting Linux systems was the FireWood backdoor, which features shell command execution, file operation, and data exfiltration capabilities. However, such a tool may have been shared with other Chinese APTs. Mounting adoption of endpoint detection and response tools, as well as Microsoft's default deactivation of Visual Basic for Applications macros may have prompted increased utilization of Linux malware, according to ESET. "Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux," ESET added.

  11. In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit

  12. Linux devices hit with even more new malware, this time from Chinese hackers

    Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers ESET have said.
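The point the associate makes above is that none of these pieces explain delivery; what item 10 does describe is where the persistence lands on a host (a cron entry, a launcher posing as a KDE desktop component, SELinux switched off, altered user configuration files). Those traces are the part an administrator can actually check. The script below is an added example written for this post; it is not ESET's code and not code from any of the cited articles. It audits constructed sample copies of /etc/selinux/config, a crontab, a KDE autostart .desktop entry and a ~/.bashrc for the generic shapes just listed. The "untrusted location" heuristic (world-writable temp directories and hidden directories under a home) and the trusted-prefix list are assumptions chosen for illustration, not indicators published by anyone; the sample lines are constructed so it runs offline.

```python
"""Host-side audit for the kind of persistence traces described in the
quoted WolfsBane summary. Example code added to this post; all sample
inputs below are constructed, not real artefacts."""
import re
from typing import Iterator, List, Optional, Tuple

# Heuristic (assumed for this example): a scheduled task, shell-init line or
# autostart entry executing from a temp directory or a hidden directory under
# a home is not what packaged software does and deserves a look.
UNTRUSTED_EXEC = re.compile(
    r"(?:^|[\s=;&|'\"])"
    r"(?:/tmp/|/var/tmp/|/dev/shm/|(?:~|/home/[^/\s]+|/root)/\.[^/\s]+/)"
)

# Prefixes under which distribution-installed programs live (assumption).
TRUSTED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/opt/", "/snap/", "/lib/")


def selinux_mode(config_text: str) -> str:
    """Return the SELINUX= value from /etc/selinux/config text, 'unknown' if absent."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        if line.upper().startswith("SELINUX="):
            return line.split("=", 1)[1].strip().lower()
    return "unknown"


def cron_commands(crontab_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (schedule, command) pairs, skipping comments and VAR=value lines."""
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*=", line):
            continue
        if line.startswith("@"):                     # @reboot, @daily, ...
            parts = line.split(None, 1)
        else:                                        # five time fields + command
            fields = line.split(None, 5)
            parts = [" ".join(fields[:5]), fields[5]] if len(fields) == 6 else []
        if len(parts) == 2:
            yield parts[0], parts[1]


def flag_cron(crontab_text: str) -> List[str]:
    """Crontab commands that execute from an untrusted location."""
    return [cmd for _, cmd in cron_commands(crontab_text) if UNTRUSTED_EXEC.search(cmd)]


def flag_autostart(desktop_text: str) -> Optional[str]:
    """Exec= target of a .desktop autostart entry if it is a path outside the
    trusted prefixes, else None. Bare command names (resolved via PATH) are
    not judged here. A 'desktop component' whose Exec= points into a home
    directory is the shape the quoted analysis describes."""
    for line in desktop_text.splitlines():
        if line.startswith("Exec="):
            tokens = line[5:].split()
            if not tokens:
                continue
            exe = tokens[0]
            if "/" in exe and not exe.startswith(TRUSTED_PREFIXES):
                return exe
    return None


def flag_shell_init(rc_text: str) -> List[str]:
    """Lines of a shell init file (~/.bashrc, ~/.profile) that run or source
    code from an untrusted location, comments stripped."""
    hits = []
    for line in rc_text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if stripped and UNTRUSTED_EXEC.search(stripped):
            hits.append(stripped)
    return hits


def audit(selinux_cfg: str, crontab: str, autostart_entries: List[str], shell_rc: str) -> dict:
    """Combine the individual checks into one report."""
    mode = selinux_mode(selinux_cfg)
    return {
        "selinux_mode": mode,
        "selinux_disabled": mode == "disabled",
        "cron_hits": flag_cron(crontab),
        "autostart_hits": [e for e in map(flag_autostart, autostart_entries) if e],
        "shell_init_hits": flag_shell_init(shell_rc),
    }


# Constructed sample inputs (not real system files).
SAMPLE_SELINUX_CONFIG = "# SELinux state\nSELINUX=disabled\nSELINUXTYPE=targeted\n"
SAMPLE_CRONTAB = (
    "SHELL=/bin/sh\n# m h dom mon dow command\n"
    "0 3 * * * /usr/bin/certbot renew --quiet\n"
    "*/5 * * * * /home/alice/.kde/.cache/kde-update >/dev/null 2>&1\n"
    "@reboot /dev/shm/.x/launcher\n"
)
SAMPLE_AUTOSTART = "[Desktop Entry]\nType=Application\nName=KDE Daemon\nExec=/home/alice/.config/kde/kdeinit --start\n"
SAMPLE_BASHRC = "# ~/.bashrc\nexport PATH=$HOME/bin:$PATH\nalias ll='ls -l'\n. /home/alice/.cache/.s/env.sh   # constructed\n"

if __name__ == "__main__":
    for key, value in audit(SAMPLE_SELINUX_CONFIG, SAMPLE_CRONTAB, [SAMPLE_AUTOSTART], SAMPLE_BASHRC).items():
        print(f"{key}: {value}")
```

On a real host the same functions would be fed the contents of /etc/selinux/config, the output of `crontab -l` for each user plus the files under /etc/cron.d, the .desktop files in ~/.config/autostart, and each user's shell init files; a hit is a starting point for looking at file timestamps and package ownership, not a verdict.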
