A new and highly sophisticated malware strain has emerged, posing a significant threat to millions of Linux servers worldwide. Dubbed “perfctl,” this fileless malware employs advanced evasion techniques and exploits a staggering 20,000 misconfigurations in Linux servers.
Its primary targets are unprotected or poorly configured systems, where it installs cryptomining and proxyjacking malware.
The Anatomy of “perfctl”
Unlike traditional malware, “perfctl” is fileless, which means it doesn’t rely on files stored on the disk to execute its payload. Instead, it operates entirely in the memory of the infected system, making it extremely difficult to detect and remove. Fileless malware leverages legitimate system tools and processes to carry out its malicious activities, often leaving minimal traces for security software to identify.
Perfctl specifically targets Linux servers, which are widely used in enterprise environments due to their reliability and scalability. By exploiting misconfigurations, this malware gains initial access to the system. Once inside, it deploys its payload directly into the memory, bypassing traditional antivirus and endpoint protection solutions.
Exploiting Misconfigurations
Misconfigurations are the weakness of many systems, and Linux servers are no exception. According to security experts, “perfctl” exploits around 20,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.