A Deep-Dive on Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
A few months ago, in a joint collaboration with Intezer, we discovered a new, previously undetected malware that behaves parasitically and affects Linux® operating systems. It appears to have been written to target the financial sector in Latin America. We have aptly named this malware Symbiote.
Symbiote is a highly evasive malware whose main objective is to capture credentials and to facilitate backdoor access to infected machines. Once on the host machine, it cleverly hides itself, its network traffic, and any other malware used by the threat actor. Because it operates as a userland rootkit, detecting a Symbiote infection may be nearly impossible. What makes Symbiote different from other Linux malware is its ability to infect running processes rather than relying on a standalone executable file to inflict damage. Symbiote is one of the most sophisticated Linux threats we’ve seen in recent times, but the trends we’ve observed in the current threat landscape suggest it won’t be the last.
Please join our Most Distinguished Threat Researcher Dmitry Bestuzhev on this deep dive to learn more about Symbiote and how to protect your users and your network environment against it.