New Diamorphine rootkit variant seen undetected in the wild

18-June-24

Code reuse in malware is common, particularly for complex components. A new variant of the Diamorphine Linux kernel rootkit was discovered in March 2024, undetected in the wild, featuring enhanced functionality such as magic packets and device-based communication. Diamorphine, known for its ability to hide files, processes, and the rootkit module itself, now impersonates the x_tables Netfilter module, facilitating user-to-kernel communication. This variant, compiled for kernel 5.19.17, supports command execution via magic packets and can be stopped via a device message. To prevent infection, keep systems updated, secure internet connections, avoid untrusted files, use minimal privileges, and employ robust cybersecurity solutions.
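Two host-side checks that follow from the behaviours described above, as an added example rather than code from the article or from the researchers who analysed the sample: reconciling /proc/modules against /sys/module catches a module that has been unlinked from the kernel's module list, and inspecting the taint flags catches a module loaded under an in-tree name (such as x_tables) that was in fact built out of tree. The /proc/modules lines, the sysfs listing and the INTREE_EXPECTED allowlist are constructed for illustration and are not taken from the reported sample.

```python
"""Cross-check kernel module views for signs of a hiding or impersonating LKM.

Added example, not code from the article or from the rootkit's authors. It
assumes the documented /proc/modules line format
("name size refcount deps state address [(taints)]") and that sysfs exposes a
/sys/module/<name> directory per loaded module. All sample data is constructed.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List

# /proc/modules line: name, size, refcount, deps (or '-'), state, load address,
# optional taint flags such as (O)=out-of-tree, (E)=unsigned, (P)=proprietary.
_LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<size>\d+)\s+(?P<refcount>\d+)\s+(?P<deps>\S+)"
    r"\s+(?P<state>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)"
    r"(?:\s+\((?P<taints>[A-Z+-]+)\))?\s*$"
)

# Constructed sample of /proc/modules. The (OE) line stands in for an
# out-of-tree, unsigned module that took the name of the in-tree x_tables.
SAMPLE_PROC_MODULES = """\
ip_tables 32768 2 iptable_filter,iptable_nat, Live 0xffffffffc0a3e000
x_tables 57344 3 ip_tables,iptable_filter,iptable_nat, Live 0xffffffffc0b10000 (OE)
nf_tables 245760 0 - Live 0xffffffffc0b40000
"""

# Constructed sample listing of /sys/module: 'nf_defrag_ipv4' has a sysfs
# entry but no /proc/modules line, i.e. it is hidden from the module list.
SAMPLE_SYSFS_MODULES = ["ip_tables", "x_tables", "nf_tables", "nf_defrag_ipv4"]

# Hypothetical allowlist of names expected to come from the in-tree kernel
# build; a real deployment would derive this from /lib/modules/<release>.
INTREE_EXPECTED = {"x_tables", "ip_tables", "nf_tables"}


@dataclass
class ModuleEntry:
    name: str
    size: int
    refcount: int
    deps: List[str]
    state: str
    address: str
    taints: str = ""  # empty when the kernel reports no taint flags


def parse_proc_modules(text: str) -> Dict[str, ModuleEntry]:
    """Parse /proc/modules text into a name -> ModuleEntry map; malformed lines are skipped."""
    entries: Dict[str, ModuleEntry] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        deps = [] if m["deps"] == "-" else [d for d in m["deps"].split(",") if d]
        entries[m["name"]] = ModuleEntry(
            name=m["name"], size=int(m["size"]), refcount=int(m["refcount"]),
            deps=deps, state=m["state"], address=m["addr"], taints=m["taints"] or "",
        )
    return entries


def hidden_from_list(entries: Dict[str, ModuleEntry], sysfs_names) -> List[str]:
    """Modules with a /sys/module entry but no /proc/modules line.

    Unlinking a module from the kernel's module list (the classic LKM hiding
    trick) removes it from /proc/modules; if its sysfs object survives, the
    name is reported here."""
    return sorted(set(sysfs_names) - set(entries))


def suspicious_intree_names(entries: Dict[str, ModuleEntry], expected_intree) -> List[str]:
    """In-tree module names loaded with the out-of-tree (O) taint flag.

    The genuine Netfilter x_tables ships with the kernel, so an 'x_tables'
    carrying (O) was built elsewhere, consistent with a module borrowing the name."""
    return sorted(n for n, e in entries.items() if n in expected_intree and "O" in e.taints)


def run_checks(proc_text: str, sysfs_names, expected_intree) -> Dict[str, List[str]]:
    """Run both checks over supplied inputs and return the findings."""
    entries = parse_proc_modules(proc_text)
    return {
        "hidden": hidden_from_list(entries, sysfs_names),
        "impersonated": suspicious_intree_names(entries, expected_intree),
    }


def live_check() -> Dict[str, List[str]]:
    """Run the checks against this host. Only directories with an 'initstate'
    file are loaded modules; the other /sys/module entries are built-in code."""
    with open("/proc/modules") as f:
        proc_text = f.read()
    loaded = [n for n in os.listdir("/sys/module")
              if os.path.exists(os.path.join("/sys/module", n, "initstate"))]
    return run_checks(proc_text, loaded, INTREE_EXPECTED)


if __name__ == "__main__":
    print("sample:", run_checks(SAMPLE_PROC_MODULES, SAMPLE_SYSFS_MODULES, INTREE_EXPECTED))
    if os.path.exists("/proc/modules"):
        print("this host:", live_check())
```

The first check only works while the module's sysfs object still exists; a rootkit that also deletes that object escapes it, which is why the second check looks at the taint flags the kernel records at load time instead of at any listing the module can edit. Run as root so /proc/modules reports real load addresses, and treat either finding as a trigger for offline disk and memory analysis rather than as proof on its own.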
