Kaspersky experts identified a malicious campaign targeting Linux systems in which victims’ devices are compromised through an infected version of Free Download Manager. Once a device is infected, the threat actors can steal information such as system data, browsing history, saved passwords, cryptocurrency wallet files, and cloud service credentials.
Supply Chain Attack
Researchers discovered that devices were infected after the software was downloaded from the official website of this popular free application, indicating a possible supply chain attack. Variants of the malware used in this campaign were first identified in 2013. Victims are located in various countries, including Brazil, China, Saudi Arabia, and Russia.
“Variants of the analyzed backdoor have been detectable by Kaspersky solutions for Linux since 2013. However, there is a widespread misconception that Linux is immune to malware, leaving many of these systems without adequate cybersecurity protection. This lack of protection makes these systems attractive targets for cybercriminals. Essentially, the Free Download Manager case highlights the challenge of spotting an ongoing cyberattack on a Linux system with the naked eye. Therefore, it's essential for Linux-based computers, including both desktops and servers, to implement reliable and effective security measures,” says Georgy Kucherin, a security expert at GReAT, Kaspersky.
Security Measures
Kaspersky recommends the following products to guard against such cyber threats:
- Kaspersky Endpoint Security for Business is an endpoint security solution that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.
- The Kaspersky Embedded Systems Security product is an adaptable, multi-layered solution that provides optimized security for embedded Linux-based systems, devices and scenarios, in compliance with the rigorous regulatory standards that so often apply to these systems.
- Kaspersky Digital Footprint Intelligence monitors shadow resources and promptly identifies related threats.