On 4/30/21 1:55 AM, Bernhard Voelker wrote:
On 4/30/21 6:49 AM, David C. Rankin wrote:
openSUSE devs,
Don't know if the powers that be are up on this, but quite alarming and I still can't figure out how to test for it.
Apparently corrupt versions of systemd-daemon and gvfsd-helper have been used -- for years.
https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spott...
Anybody got more on this?
Just follow the link therein: ;-)
[...] Netlab researchers Alex Turing and Hui Wang said in an advisory. [...] --> https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
Have a nice day, Berny
Yep, read that too, still not entirely clear on how this thing works, and other than the MD5sum on the affected files, not entirely sure how to detect it (other than looking for outgoing port openings and the like). Crafty little buggers...
-- David C. Rankin, J.D., P.E.