Winnti’s Linux variant discovered bearing ties with Chinese hackers

Security researchers, of late, unearthed an unprecedented Winnti variant compatible to attack Linux computers which is a highly preferred hacking tool for hackers functioning with Beijing's state support. The researchers belonging to the department of cyber-security namely Chronicle of Alphabet also analyzed the new malware. They found the Winnti variant functioning like a backdoor enabling the attackers gain admission into the infected hosts. It was during 2015 that Chinese hackers used the malware within one sophisticated cyber-crime targeted on one game company in Vietnam.

The Linux variant was discovered according to Chronicle when news hit the headlines in April that the giant pharmaceutical company Bayer encountered an attack from Chinese hackers while it found the Winnti malicious program on its computers. Upon scanning Winnti via Chronicle's VirusTotal system the researchers detected the Linux version of the malware of as far as 2015 whilst it was utilized within the Vietnamese gaming firm's compromise. www.zdnet.com posted this dated May 20, 2019.

It has been found that the malware uncovered has dual sections: a rootkit which masks it inside the contaminated host as well as the real backdoor virus. Subsequent examination of the malware revealed plentiful similarities between the Winnti version and the malicious program's Windows edition. Even more examination showed the Linux variant having code similarities with the specific Windows' Winnti 2.0 edition. This was enumerated within reports by Novetta and Kaspersky Lab.

Finally, as with Winnti's Windows version, the Linux edition too enables Chinese hackers towards starting a communication with the contaminated PC devoid of requiring the central command and control (C&C) system - one unique feature of Windows version of Winnti.

And though contaminating Linux computers has already come about from Russian and American hackers, the act has also very rarely occurred, points out Chronicle. The current Winnti Linux version's detection further indicates that state-backed threat offenders will not restrain from leveraging their malicious ware on any form of device they are determined to.

However, in spite of this, Linux compatible malicious software is pretty rare amongst hacking groups receiving state sponsorship, overall, particularly in comparison with Windows compatible malicious programs.

» SPAMfighter News - 5/27/2019