SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

From thehackernews.com

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system.

The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering.

Cybersecurity company Trend Micro said it observed the equivalent Windows variant in June 2022, nearly one month after the command-and-control (C2) infrastructure was set up.

Lucky Mouse is also tracked under the monikers APT27, Bronze Union, Emissary Panda, and Iron Tiger, and is known to utilize a variety of malware such as SysUpdate, HyperBro, PlugX, and a Linux backdoor dubbed rshell.

Read more…