WaterDrop Malware, Based on the PRISM Backdoor, Infects Linux Systems

While Windows continues to be the number one operating system that cybercriminals target, Linux malware is becoming a more common occurrence. One of the notable pieces of malware meant to run on Linux is the Prism Backdoor Trojan. Its first appearance online dates back to 2017, but it is still in use by various malicious actors. Recently, a heavily modified version of Prism caught the attention of researchers. The variant, dubbed the WaterDrop Malware, appears to be very elusive. Traditional Linux security measures may not be enough to thwart its attack, and using third-party security software is the best course of action.

Thankfully, the scale of the WaterDrop Malware attack appears to be relatively small. However, the threat can be very dangerous thanks to its ability to execute remote commands, manage files, and more. It could enable its operators to drop additional malware, or manipulate the system configuration according to their needs and preferences.

Good Endpoint Security Can Prevent the WaterDrop Malware Attack

The good news is that the creators of the WaterDrop Malware are not very skilled. Their implant uses a very basic method to communicate with the command-and-control server – good endpoint security software and a firewall should be enough to thwart WaterDrop Malware's attack completely.

Small-scale variants like this one are particularly dangerous because they attract little attention, unlike major campaigns such as the Prism Backdoor. This enables them to fly under the radar for longer, preventing system administrators from taking the necessary security measures. In WaterDrop Malware's case, the domain it uses to contact the command-and-control server has been up for over three years. However, it is not clear whether the malware has been active for the entirety of this period.

August 25, 2021