Backdoor.Linux.BPFDOOR.SMZAJE-B
ALIASES:
Trojan.Linux.Bpfdoor (IKARUS)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
TECHNICAL DETAILS
Tipo de compactação: 23,488 bytes
Tipo de arquivo: ELF
Data de recebimento das amostras iniciais: 24 Mar 2025
Carga útil: Drops files, Deletes files
Installation
This Backdoor drops the following files:
- /dev/shm/kdevtmpfls
- /var/run/kdevrund.pid
It adds the following processes:
- /bin/sh -c /bin/rm -f /dev/shm/kdevtmpfls;/bin/cp ./{Malware File Name} /dev/shm/kdevtmpfls && /bin/chmod 755 /dev/shm/kdevtmpfls && /dev/shm/kdevtmp
- /dev/shm/kdevtmpfls --init
- /bin/rm -f /dev/shm/kdevtmpfls
Other System Modifications
This Backdoor deletes the following files:
- /dev/shm/kdevtmpfls
SOLUTION
Mecanismo de varredura mínima: 9.800
Primeiro arquivo padrão VSAPI: 19.928.08
Data do lançamento do primeiro padrão VSAPI: 27 Feb 2025
VSAPI OPR Pattern Version: 19.929.00
VSAPI OPR Pattern veröffentlicht am: 28 Feb 2025
Scan your computer with your Trend Micro product to delete files detected as Backdoor.Linux.BPFDOOR.SMZAJE-B. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
Did this description help? Tell us how we did.
