A new variant of the TgRAT malware, initially discovered in 2022 targeting Windows systems, has been observed attacking Linux servers.
This evolution marks a significant shift in the malware’s capabilities, broadening its potential impact on a wider range of systems. The Linux version of TgRAT was found in the wild earlier this month, raising alarms across the cybersecurity community.
According to the Broadcom report, TgRAT exhibits a range of malicious activities when infecting a targeted Linux machine.
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide
The malware enables attackers to execute arbitrary commands or scripts, collect screenshots, and extract user files from the compromised host. This versatility makes TgRAT a potent tool for cybercriminals, capable of causing significant disruption and data breaches.
Notably, the malware is controlled via a Telegram bot, allowing attackers to manage their operations remotely and with some anonymity.
The associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products.
Symantec recommends implementing a policy that blocks all types of malware from executing, including known, suspect, and potentially unwanted programs (PUPs) to maximize protection.
Additionally, delaying the execution of a cloud scan can fully utilize the VMware Carbon Black Cloud reputation service, providing an extra layer of security.
As the cybersecurity landscape continues to evolve, the emergence of TgRAT’s Linux variant underscores the importance of robust, adaptive security measures. Organizations are urged to stay vigilant and ensure their defenses are up-to-date to mitigate the risks posed by this sophisticated malware.
you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access
Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious…
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635…
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has…
Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware,…
A recently discovered vulnerability in Red Hat's NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity…
Tor Browser 14.0 has been officially launched. It brings significant updates and new features to…