Summary:
- Widespread Malware Infection: Perfctl, a stealthy Linux malware family that researchers have traced back to at least 2021, has infected thousands of Linux servers. It gains entry by exploiting more than 20,000 common server misconfigurations and a critical, already-patched vulnerability in Apache RocketMQ.
- Stealth Techniques: Perfctl installs a rootkit to hide its files, processes and network activity, and runs under process names that resemble legitimate Linux utilities (the name perfctl itself echoes the perf monitoring tool and the common ctl suffix). It also goes quiet while a user is logged in, so casual inspection is unlikely to catch it.
- Persistence Mechanism: The malware survives reboots by altering login scripts (such as ~/.profile) so that it is relaunched on the next login, and it copies itself to several locations on disk so that deleting one copy does not remove the infection.
- Malicious Activities: Infected systems are hijacked for cryptocurrency mining and rented out as proxy services (proxyjacking); the malware also acts as a backdoor through which additional payloads can be installed.
- Detection Challenges: Some antivirus products do detect Perfctl, but because it relaunches from its backup copies and login-script hooks after a partial cleanup, administrators have to remove every copy and every persistence point in one pass, or rebuild the host. Unexplained CPU spikes and slowdowns are the most common outward sign.
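As an added triage example (not code from the Ars Technica article or from the underlying research), the POSIX shell script below checks a host for the two traits described above: login scripts altered to launch a binary from a scratch directory, and running processes whose executable lives in such a directory or has been deleted from disk after start. The scratch-directory list, the login-script list and the sample .profile line are assumptions constructed for illustration, not published indicators of compromise.

```shell
#!/bin/sh
# Added triage helper for the Perfctl traits summarised above. Not code from
# the Ars Technica article or the underlying research; the directory list,
# script list and sample line are constructed assumptions, not published IOCs.

# Scratch directories a dropper commonly writes to (assumption).
SUSPECT_DIRS='/tmp|/var/tmp|/dev/shm'

# Login scripts worth checking for an injected relaunch line (assumption).
LOGIN_SCRIPTS="/etc/profile /etc/bash.bashrc $HOME/.profile $HOME/.bashrc"

# scan_login_script FILE
# Prints, with line numbers, every non-comment line that references a path
# under a scratch directory. Exit 0 if anything was flagged, 1 otherwise
# (also 1 when the file is missing or unreadable).
scan_login_script() {
    [ -r "$1" ] || return 1
    grep -En "^[^#]*(${SUSPECT_DIRS})/[^[:space:]]+" "$1"
}

# scan_all_login_scripts
# Runs scan_login_script over LOGIN_SCRIPTS, prefixing hits with the file name.
scan_all_login_scripts() {
    found=1
    for f in $LOGIN_SCRIPTS; do
        hits=$(scan_login_script "$f") || continue
        printf '%s\n' "$hits" | sed "s|^|$f:|"
        found=0
    done
    return $found
}

# scan_processes
# Lists PID, command name and executable path for processes whose binary runs
# from a scratch directory or was deleted after start. A command name that
# looks like a system utility paired with such a path is the mimicry pattern
# described above. Run as root to see every process.
scan_processes() {
    found=1
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        if printf '%s\n' "$exe" | grep -Eq -e "^(${SUSPECT_DIRS})/" -e '\(deleted\)$'; then
            comm=$(cat "$p/comm" 2>/dev/null)
            printf '%s %s %s\n' "${p#/proc/}" "$comm" "$exe"
            found=0
        fi
    done
    return $found
}

# Demonstration on a constructed sample .profile (written to a temp file, then removed).
sample=$(mktemp)
printf '%s\n' '# ~/.profile' 'export PATH="$PATH:$HOME/bin"' \
    '/tmp/.diag/perfctl >/dev/null 2>&1 &' > "$sample"
echo "Constructed sample:"
scan_login_script "$sample"
rm -f "$sample"

echo "Live login scripts:"
scan_all_login_scripts || echo "  none flagged"
echo "Live processes:"
scan_processes || echo "  none flagged"
```

A hit from either check is a lead to investigate, not proof of infection: build systems and package managers legitimately run binaries from /tmp. Because the summary notes that the malware relaunches from its other copies, record every flagged script line, process and binary path first and remove them together, rather than deleting the first thing found and watching it come back.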
Read more at: Ars Technica