NerbianRAT Linux - Novel Malware Linked to Magnet Goblin APT


Check Point reports that a financially motivated threat actor has been exploiting recently disclosed one-day vulnerabilities in internet-facing services to install Linux backdoors. Tracked as Magnet Goblin, the group moves quickly from public disclosure to exploitation, favors edge devices, and relies on a custom malware family called Nerbian for post-exploitation access.

Magnet Goblin has been observed exploiting known vulnerabilities in several platforms, including Ivanti VPN appliances, Magento, Qlik Sense, and possibly Apache ActiveMQ. In the Ivanti intrusions, for instance, the actor deployed Warpwire, a JavaScript credential stealer; a Linux build of the NerbianRAT backdoor; and Ligolo, an open-source tunneling tool.

Magnet Goblin's Previous Activity

The Warpwire stealer has been tied to broad exploitation of Ivanti vulnerabilities, which suggests it is used by more than one threat actor. Magnet Goblin has also used Warpwire in earlier attacks on Magento servers, repurposing the compromised servers as command-and-control infrastructure for the Windows variant of NerbianRAT and for Warpwire itself.

Analysis of Magnet Goblin's infrastructure also turned up remote monitoring and management tools such as ScreenConnect and AnyDesk, alongside the targeting of Qlik Sense and Apache ActiveMQ. The Linux variant of NerbianRAT, in use since 2022, collects system information, executes operator-supplied commands, and talks to its command-and-control server over an encrypted channel.

The backdoor's broad command set gives the operator considerable flexibility to work quietly on an infected host. MiniNerbian, a stripped-down version of NerbianRAT, is limited to command execution and communicates over plain HTTP, covering the same basic needs with a smaller footprint.

Magnet Goblin's financially motivated campaigns illustrate a growing pattern: rapid exploitation of one-day vulnerabilities (flaws that are publicly disclosed and patched but not yet widely remediated) to deliver custom Linux malware. Because these tools are aimed primarily at edge devices, which often lack endpoint monitoring and prompt patching, they reflect a wider shift by threat actors toward previously overlooked parts of the attack surface.

March 13, 2024
