Security researchers discover Linux version of Winnti malware

For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade.

Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to compromised systems.

Chronicle says it discovered this Linux variant after news broke last month that Bayer, one of the world’s largest pharmaceutical companies, had been hit by Chinese hackers, and the Winnti malware was discovered on its systems.

During subsequent scans for Winnti malware on its VirusTotal platform, Chronicle said it spotted what appeared to be a Linux variant of Winnti, dating back to 2015 when it was used in the hack of a Vietnamese gaming company.

Read more…
Source: ZDNet