Technology

Stealthy Linux backdoor malware spotted after three years of minding your business • The Register

Voice Of EU

Published

on

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.

The firm said its bot monitoring system spotted, on March 25, a suspicious ELF program that interacted with four command-and-control (C2) domains over TCP port 443, the standard HTTPS port, even though the protocol used isn’t actually TLS/SSL.
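The mismatch described above, port 443 traffic that is not TLS, can be checked from the first client-to-server bytes of a connection. The following is an added example, not code from the article or from Netlab; the flow-record fields (`dst`, `dport`, `first_bytes`) and all sample bytes are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"
CLIENT_HELLO = 0x01       # handshake message type "ClientHello"
MAX_PLAINTEXT = 2 ** 14   # largest plaintext TLS record body


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """True if the first client-to-server bytes start a plausible TLS ClientHello."""
    if len(first_bytes) < 6:
        return False
    ctype, major, minor, rec_len = struct.unpack("!BBBH", first_bytes[:5])
    if ctype != TLS_HANDSHAKE:
        return False
    # Record-layer version is 3.0-3.3; TLS 1.3 still sends 3.1 or 3.3 here.
    if major != 3 or minor > 3:
        return False
    if not 0 < rec_len <= MAX_PLAINTEXT:
        return False
    return first_bytes[5] == CLIENT_HELLO


def flag_non_tls_443(flows):
    """Return destinations of port-443 flows whose first bytes are not TLS."""
    return [f["dst"] for f in flows
            if f["dport"] == 443
            and not looks_like_tls_client_hello(f["first_bytes"])]


# Constructed sample data (documentation IP ranges, made-up payload bytes).
TLS_HELLO = bytes.fromhex("1603010200010001fc0303") + bytes(32)
OPAQUE = bytes.fromhex("3b91011093e1c4f7") + bytes(16)
SAMPLE_FLOWS = [
    {"dst": "192.0.2.10", "dport": 443, "first_bytes": TLS_HELLO},
    {"dst": "198.51.100.7", "dport": 443, "first_bytes": OPAQUE},
    {"dst": "192.0.2.20", "dport": 80, "first_bytes": b"GET / HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    print(flag_non_tls_443(SAMPLE_FLOWS))
```

This is a heuristic: obsolete SSLv2-style hellos are flagged as well, and traffic that imitates the five-byte record header would pass, so treat a hit as one signal to investigate rather than a verdict.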

“A close look at the sample revealed it to be a backdoor targeting Linux X64 systems, a family that has been around for at least three years,” Netlab researchers Alex Turing and Hui Wang said in an advisory.

An MD5 signature for the file systemd-daemon first showed up in VirusTotal back on May 16, 2018 without the detection of any known malware. Two other files named systemd-daemon and gvfsd-helper were spotted over the next three years.

The association with systemd, a widely used system and session manager for Linux, may have been chosen by the malware authors to make the malicious code less likely to be noticed by administrators reviewing logs and process lists.

Netlab has dubbed the malware family RotaJakiro because it uses encryption with a rotate function and has different behavior depending on whether it’s running on a root or non-root account. Jakiro is a reference to a character from the game Dota 2.

The malware makes an effort to conceal itself by using multiple encryption algorithms. It relies on AES to protect its own resources and a combination of AES, XOR, and rotate encryption alongside ZLIB compression to obscure its server communication.

The C2 domains with which the malware communicates were registered through Web4Africa in December 2015 and rely on hosting provided by Deltahost PTR, in Kiev, Ukraine.

The malware is not an exploit; rather it’s a payload that opens a backdoor on the targeted machine. It might be installed by an unsuspecting user, an intruder, or through a dropper Trojan. How RotaJakiro has been distributed remains unanswered.

According to Netlab, RotaJakiro supports 12 commands, including “Steal Sensitive Info,” “Upload Device Info,” “Deliver File/Plugin,” and three “Run Plugin” variants. The security firm is presently unaware of what the malware’s plugins do.

The security firm sees some similarities between RotaJakiro and the Torii botnet spotted by Avast, another security company, in September 2018. The two have some similar commands and traffic patterns, as well as functional similarities.

At least the malware is starting to get noticed by antivirus software. ®

Elon Musk sells Tesla shares worth $6.9bn as Twitter trial looms | Elon Musk

Elon Musk has sold $6.9bn (£5.7bn) worth of shares in Tesla after admitting that he could need the funds if he loses a legal battle with Twitter and is forced to buy the social media platform.

The Tesla CEO walked away from a $44bn deal to buy Twitter in July but the company has launched a lawsuit demanding that he complete the deal. A trial will take place in Delaware in October.

“In the (hopefully unlikely) event that Twitter forces this deal to close *and* some equity partners don’t come through, it is important to avoid an emergency sale of Tesla stock,” Musk said in a tweet late on Tuesday.

In other comments on Twitter on Tuesday, Musk said “yes” when asked if he was finished selling Tesla stock. He also said he would buy Tesla stock again if the Twitter deal does not close.

Musk has committed more than $30bn of his own money to the financing of the deal, with more than $7bn of that total provided by a coterie of associates including tech tycoon Larry Ellison, the Qatar state investment fund and the world’s biggest cryptocurrency exchange, Binance.

Musk, the world’s richest person, sold $8.5bn worth of Tesla shares in April and had said at the time there were no further sales planned. But since then, legal experts had suggested that if Musk is forced to complete the acquisition or settle the dispute with a stiff penalty, he was likely to sell more Tesla shares.

Last week Musk launched a countersuit against Twitter, accusing the platform of deliberately miscounting the number of spam accounts on the platform. Twitter has consistently stated that the number of spam accounts on its service is less than 5% of its user base, which currently stands at just under 238 million. Legal experts have said that Musk will find it hard to convince a judge that Twitter’s spam issue represents a “company material adverse effect” that substantially alters the company’s value – and therefore voids the deal.

Musk sold about 7.92m Tesla shares between 5 August and 9 August, according to multiple filings. He now owns 155m Tesla shares or just under 15% of the electric carmaker.

The latest sales bring total Tesla stock sales by Musk to about $32bn in less than one year. However, Musk remains comfortably ahead of Jeff Bezos as the world’s richest man with an estimated $250bn fortune, according to the Bloomberg billionaires index.

Tesla shares have risen nearly 15% since the automaker reported better-than-expected earnings on 20 July, also helped by the Biden administration’s climate bill that, if passed, would lift the cap on tax credits for electric vehicles.

Musk also teased on Tuesday that he could start his own social media platform. When asked by a Twitter user if he had thought about creating his own platform if the deal didn’t close, he replied: “X.com”.

With Reuters



Iran reveals use of cryptocurrency to pay for imports • The Register

Iran has announced it used cryptocurrency to pay for imports, raising the prospect that the nation is using digital assets to evade sanctions.

Trade minister Alireza Peyman Pak revealed the transaction in a tweet, which translates as “This week, the first official import order was successfully placed with cryptocurrency worth ten million dollars. By the end of September, the use of cryptocurrencies and smart contracts will be widespread in foreign trade with target countries.”

It is unclear what Peyman Pak referred to with his mention of widespread use of crypto for foreign trade, and the identity of the foreign countries he mentioned is also obscure.

But the intent of the announcement appears clear: Iran will use cryptocurrency to settle cross-border trades.

That’s very significant because Iran is subject to extensive sanctions aimed at preventing it from acquiring nuclear weapons and reducing its ability to sponsor terrorism. Sanctions prevent the sale of many commodities and technologies to Iran, and financial institutions aren’t allowed to deal with their Iranian counterparts, who are mostly shunned around the world.

As explained in this advisory [PDF] issued by the US Treasury, Iran has developed numerous practices to evade sanctions, including payment offsetting schemes that let it sell oil in contravention of sanctions. Proceeds of such sales are alleged to have been funnelled to terrorist groups.

While cryptocurrency’s anonymity has been largely disproved, trades in digital assets aren’t regulated so sanctions enforcement will be more complex if Iran and its trading partners use crypto instead of fiat currencies.

Which perhaps adds more weight to the argument that cryptocurrency has few proven uses beyond speculative trading, making the ransomware industry possible, and helping authoritarian states like Iran and North Korea to acquire materiel for weapons.

Peyman Pak’s mention of “widespread” cross-border crypto deals, facilitated by automated smart contracts, therefore represents a challenge to those who monitor and enforce sanctions – and something new to worry about for the rest of us. ®



Edwards Lifesciences is hiring at its ‘key’ Shannon and Limerick facilities

The medtech company is hiring for a variety of roles at both its Limerick and Shannon sites, the latter of which is being transformed into a specialised manufacturing facility.

Medical devices giant Edwards Lifesciences began renovations to convert its existing Shannon facility into a specialised manufacturing centre at the end of July.

The expansion will allow the company to produce components that are an integral part of its transcatheter heart valves. The conversion is part of Edwards Lifesciences’ expansion plan that will see it hire for hundreds of new roles in the coming years.

“The expanded capability at our Shannon facility demonstrates that our operations in Ireland are a key enabler for Edwards to continue helping patients across the globe,” said Andrew Walls, general manager for the company’s manufacturing facilities in Ireland.

According to Walls, hiring is currently underway at the company’s Shannon and Limerick facilities for a variety of functions such as assembly and inspection roles, manufacturing and quality engineering, supply chain, warehouse operations and project management.

Why Ireland?

Headquartered in Irvine, California, Edwards Lifesciences established its operations in Shannon in 2018 and announced 600 new jobs for the mid-west region. This number was then doubled a year later when it revealed increased investment in Limerick.

When the Limerick plant was officially opened in October 2021, the medtech company added another 250 roles onto the previously announced 600, promising 850 new jobs by 2025.

“As the company grows and serves even more patients around the world, Edwards conducted a thorough review of its global valve manufacturing network to ensure we have the right facilities and talent to address our future needs,” Walls told SiliconRepublic.com.

“We consider multiple factors when determining where we decide to manufacture – for example, a location that will allow us to produce close to where products are utilised, a location that offers advantages for our supply chain, excellent local talent pool for an engaged workforce, an interest in education and good academic infrastructure, and other characteristics that will be good for business and, ultimately, good for patients.

“Both our Shannon and Limerick sites are key enablers for Edwards Lifesciences to continue helping patients across the globe.”
