Palo Alto Networks has discovered a new Linux backdoor malware named Auto-Color, first detected in November 2024. The malware provides full remote access to compromised systems and is particularly difficult to remove without specialized software. Universities and government entities in North America and Asia have been the primary targets.

While the initial infection vector remains unknown, the malware requires manual execution by the victim. Once deployed, it allows attackers to collect system data, execute programs, modify files, create a reverse shell, and turn the infected device into a proxy.

To evade detection, Auto-Color uses harmless-looking filenames, sophisticated C2 obfuscation techniques, and proprietary encryption algorithms for securing communications. Palo Alto Networks has released Indicators of Compromise (IoCs) to help cybersecurity teams detect and mitigate this threat.

‍