
A new kernel module rootkit malware, dubbed Reptile, was recently released on GitHub. It is an open-source rootkit that can hide itself, other malicious code, files, directories, and network traffic.

Unlike other rootkit malware, Reptile stands out by also providing a reverse shell, which makes it easy to control the system, and its signature feature is Port Knocking.

With Port Knocking, the infected system opens a specific port and connects to the C&C server only after it receives an attacker's Magic Packet.

The cybersecurity researchers at ASEC recently identified this new rootkit malware.

Reptile includes an installer and equips attackers with Listener, a command line tool that waits for a reverse shell connection from infected systems and gives the attacker control once it is established.

Because the reverse shell is triggered by forwarding specific packets through Port Knocking, attackers can operate it without specifying the C&C server in advance. Packet, a command line tool, takes the parameters for the reverse shell connection and the port knocking method.