ChamelDoH: A New Linux Backdoor Utilizing DNS-over-


The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities.

The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS tunneling.

Its principle of operation is unusual: the backdoor processes only those requests in which the correct cookie parameter is set.

The Linux backdoor discovered by Stairwell, for its part, is designed to capture system information and is capable of remote access operations such as file upload, download, deletion, and shell command execution.

The latest findings show that the group has also devoted considerable time and effort to researching and developing an equally robust toolset for Linux intrusions, Mayer said.
