If you purchase via links on our site, we may receive affiliate commissions.

‘Parasite’ malware infecting Linux systems

Updated on: 10 June 2022

Damien Black
Senior Journalist

A stealthy form of malware that operates like a parasite and was previously undetected is targeting Linux systems used by the financial sector, according to research by Blackberry and Intezer.

The researchers named the malicious software Symbiote, after the parasitic organism of the same name that fosters an interdependent relationship with its host.

Explaining the name, Blackberry said: “What makes Symbiote different from other Linux malware is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file, it is a shared object library that is loaded into all running processes [...] and parasitically infects the machine.”

It added: “Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.”

First detected in November, Symbiote initially appears to have been designed to target finance companies in Latin America. Once it has infiltrated a machine, it is very hard to detect.

“Performing live forensics on an infected machine may not turn anything up since all the file, processes, and network artifacts are hidden by the malware,” said Blackberry. “In addition to the rootkit capability, the malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges.”

The researchers have not determined whether Symbiote is being used for attacks against specific entities or individuals, or a more scattergun approach aimed at multiple targets.