Monday, February 10, 2025
Homecyber securityTgRAT Malware Attacking Linux Servers with New Variant

TgRAT Malware Attacking Linux Servers with New Variant

Published on

SIEM as a Service

Follow Us on Google News

A new variant of the TgRAT malware, initially discovered in 2022 targeting Windows systems, has been observed attacking Linux servers.

This evolution marks a significant shift in the malware’s capabilities, broadening its potential impact on a wider range of systems. The Linux version of TgRAT was found in the wild earlier this month, raising alarms across the cybersecurity community.

Capabilities and Control Mechanisms

According to the Broadcom report, TgRAT exhibits a range of malicious activities when infecting a targeted Linux machine.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

The malware enables attackers to execute arbitrary commands or scripts, collect screenshots, and extract user files from the compromised host. This versatility makes TgRAT a potent tool for cybercriminals, capable of causing significant disruption and data breaches.

Notably, the malware is controlled via a Telegram bot, allowing attackers to manage their operations remotely and with some anonymity.

The associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products.

Symantec recommends implementing a policy that blocks all types of malware from executing, including known, suspect, and potentially unwanted programs (PUPs) to maximize protection.

Additionally, delaying the execution of a cloud scan can fully utilize the VMware Carbon Black Cloud reputation service, providing an extra layer of security.

As the cybersecurity landscape continues to evolve, the emergence of TgRAT’s Linux variant underscores the importance of robust, adaptive security measures. Organizations are urged to stay vigilant and ensure their defenses are up-to-date to mitigate the risks posed by this sophisticated malware.

you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...