A previously unknown threat actor, tracked as Metador, is targeting telecommunications companies, internet service providers and universities on multiple continents, according to security researchers at SentinelOne.
“The operators are highly aware of operations security, managing carefully segmented infrastructure per victim and quickly deploying intricate countermeasures in the presence of security solutions,” researchers from SentinelOne said in a new report.
The group was discovered after one of its victims deployed Singularity, SentinelOne’s XDR detection and response platform, months after Metador had already compromised the network.
Although Metador was first found inside a Middle Eastern telecommunications company, researchers said the operation’s goal is long-term, persistent access for espionage against organizations across the Middle East and Africa.
Metador has not been attributed to any known group. SentinelLabs notes only that the operators keep infrastructure carefully segmented per victim and react quickly with countermeasures when security products are present on a compromised host.
Details of the initial infection are not known, but the custom implants were decrypted and loaded into memory through cdb.exe, the Microsoft console debugger, which the attackers used as a LOLBin (living-off-the-land binary): a legitimate, signed tool repurposed to run attacker-controlled code. In this case it decrypted and loaded in memory two custom Windows malware frameworks, ‘metaMain’ and ‘Mafalda’.
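Because cdb.exe is a signed Microsoft binary, the useful detection signal is not the file itself but the context of its launch: where it runs from, whether it is fed a command script (cdb’s documented -c, -cf and -cfr switches), what parent started it, and which account it runs as. The following is an added example, not code from TuxCare or SentinelOne, showing that triage logic run over constructed process-creation records modelled on Sysmon Event ID 1 / Windows 4688 fields; the install directories, parent list and service-account list are assumptions a defender would tune for their own estate, and the sample command lines do not claim to reproduce what Metador actually ran.

```python
"""Flag suspicious cdb.exe (Windows console debugger) launches in process-creation logs.

Added example, not code from TuxCare or SentinelOne. The records below are
constructed to resemble the fields of a Sysmon Event ID 1 / Windows 4688
process-creation event; EXPECTED_DIRS, INTERACTIVE_PARENTS and SERVICE_ACCOUNTS
are assumptions to be tuned per environment.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    image: str          # full path of the new process
    command_line: str
    parent_image: str   # full path of the creating process
    user: str           # account the process runs as


# cdb.exe ships with the Windows SDK "Debugging Tools for Windows" and normally
# lives under a Windows Kits directory; a copy anywhere else was brought along.
EXPECTED_DIRS = (
    "c:\\program files (x86)\\windows kits\\",
    "c:\\program files\\windows kits\\",
)

# Switches that make cdb execute debugger commands from a file or inline:
#   -c "<commands>", -cf <script>, -cfr <script>   (documented cdb options)
SCRIPT_SWITCHES = re.compile(r"(?<!\S)-(?:cfr|cf|c)(?=\s)", re.IGNORECASE)

# Parents from which an interactive debugging session is plausible (assumption).
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "windbg.exe", "devenv.exe", "explorer.exe"}

# A debugger running as a built-in service account is rarely a developer at work.
SERVICE_ACCOUNTS = {
    "nt authority\\system",
    "nt authority\\local service",
    "nt authority\\network service",
}


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess(ev: ProcessEvent) -> list[str]:
    """Return the reasons a cdb.exe launch looks suspicious (empty = benign or not cdb)."""
    reasons: list[str] = []
    if basename(ev.image) != "cdb.exe":
        return reasons
    if not ev.image.lower().startswith(EXPECTED_DIRS):
        reasons.append("cdb.exe running outside a Windows Kits install directory")
    if SCRIPT_SWITCHES.search(ev.command_line):
        reasons.append("cdb.exe given a command script (-c/-cf/-cfr)")
    if basename(ev.parent_image) not in INTERACTIVE_PARENTS:
        reasons.append(f"unexpected parent process {basename(ev.parent_image)}")
    if ev.user.lower() in SERVICE_ACCOUNTS:
        reasons.append(f"debugger running as service account {ev.user}")
    return reasons


def triage(events: list[ProcessEvent]) -> list[tuple[int, list[str]]]:
    """Indexes of events worth an analyst's attention, with their reasons."""
    return [(i, r) for i, ev in enumerate(events) if (r := assess(ev))]


# Constructed sample log: a developer's debugging session, a LOLBin-style abuse
# pattern, and an unrelated process. These are illustrative, not real telemetry.
SAMPLE_EVENTS = [
    ProcessEvent(
        image="C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x64\\cdb.exe",
        command_line="cdb.exe -p 4321",
        parent_image="C:\\Windows\\System32\\cmd.exe",
        user="CORP\\developer",
    ),
    ProcessEvent(
        image="C:\\Windows\\Temp\\cdb.exe",
        command_line="cdb.exe -cf C:\\Windows\\Temp\\update.wds -o notepad.exe",
        parent_image="C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
        user="NT AUTHORITY\\SYSTEM",
    ),
    ProcessEvent(
        image="C:\\Windows\\System32\\svchost.exe",
        command_line="svchost.exe -k netsvcs",
        parent_image="C:\\Windows\\System32\\services.exe",
        user="NT AUTHORITY\\SYSTEM",
    ),
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {SAMPLE_EVENTS[idx].command_line}")
        for reason in reasons:
            print("  -", reason)
```

Only the second record is returned by `triage`, with all four reasons. Each signal on its own is weak (developers do run cdb from cmd.exe, and some build agents run as SYSTEM), which is why the function accumulates reasons instead of returning a single verdict; an analyst would typically alert on the script-switch or unexpected-directory signals and use the others to rank.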
The metaMain implant handles “hands-on” operations such as taking screenshots, performing file actions, logging keystrokes, and executing arbitrary shellcode.
Mafalda is the more versatile implant; its commands include file operations, reading file and directory contents, manipulating the registry, network and system reconnaissance, and exfiltrating data to the command-and-control (C2) server.
“We have artifacts pointing to late 2020, but it’s worth noting that the earliest variant of the Mafalda platform we were able to recover was already on build version 144. It’s likely that this group has been active for several years before anyone caught on,” said Guerrero-Saade, Senior Director of SentinelLabs.
The sources for this piece include an article in TheHackerNews.