rootkit

HiddenGh0st Malware Attacking MS-SQL Servers

Gh0st RAT is a remote control malware developed by the C. Rufus Security Team from China. Due to its source code being publicly available, malware developers use it as a reference as they continue developing numerous variants that are still actively used in attacks. Although the source code is public, Gh0st RAT is mainly used by threat actors based in China. Cases of Gh0stCringe RAT, a variant of Gh0st RAT, being distributed targeting database servers (MS-SQL, MySQL servers) were disclosed…

Reptile Malware Targeting Linux Systems

Reptile is an open-source kernel module rootkit that targets Linux systems and is publicly available on GitHub. [1] Rootkits are malware that possess the capability to conceal themselves or other malware. They primarily target files, processes, and network communications for their concealment. Reptile’s concealment capabilities include not only its own kernel module but also files, directories, file contents, processes, and network traffic. Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse…

Analysis Report on Lazarus Group’s Rootkit Attack Using BYOVD

Since 2009, Lazarus Group, known to be a group of hackers in North Korea, has been attacking not only Korea but also various countries in the Americas, Asia, and Europe. According to AhnLab’s ASD (AhnLab Smart Defense) infrastructure, in early 2022, the Lazarus Group performed APT (Advanced Persistent Threat) attacks on Korea’s defense, finance, media, and pharmaceutical industries. AhnLab closely tracked these APT attacks and discovered that they incapacitate security products during the attack process. An analysis of the attack process…

Checking and Remediating Stealthy Malware, PurpleFox

PurpleFox was first discovered in 2018. At that time, the attacker hid the malware with a self-developed driver, but since 2019, they have been using a customized version of the open-source program ‘Hidden.’ It was also found that the attacker tested the malware multiple times to add various features starting from the middle of 2020. PurpleFox is ultimately a CoinMiner, but it can also act as a downloader that installs additional malware and spreads it to other connected PCs. As for…