Security researchers at Trend Micro have discovered a new rootkit trojan that targets only Linux-based systems running on x86 and ARM (Raspberry Pi) platforms.
The rootkit’s name is Umbreon, taken from the name of a Pokémon creature that hides in the shadows, a fitting name for a rootkit. According to Trend Micro, threat actors have used Umbreon in live attacks, and the company has received samples from compromised devices to analyze. The good news is that Umbreon’s installation is not automated: attackers need to break into a system first, and then manually install the rootkit on the hacked device.
This manual installation procedure has its negative side as well, mainly because attackers can install the rootkit in a different location on the infected system each time, making automatic detection even harder than it already is.
As for its technical capabilities, Umbreon is a very dangerous tool, with the ability to persist between reboots, intercept all network traffic, intercept and alter terminal commands, and even open a connection to the attacker, allowing him to log in to the victim’s device.
Submitted by: Arnfried Walbrecht