Fake domains as a weapon: the survivable BIFROSE Trojan made its way into Linux systems

Researchers talk about new features of the old cyber threat.

Researchers from Palo Alto Networks have discovered a new variant of the well-known remote access Trojan BIFROSE (also known as Bifrost). The updated version is adapted for attacks on Linux systems. Its distinctive feature is the use of a fake domain, download.vmfare[.]com, that looks similar to a legitimate VMware site.

This disguise helps circumvent security measures and makes it easier to compromise the targeted networks.
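The lookalike domain described above (a one-character substitution in the brand name) is something a defender can screen for in DNS query logs. The following is an added example, not code from the article or from Palo Alto Networks: it computes an edit distance (optimal string alignment, which also counts adjacent transpositions) between the second-level label of each queried name and a short brand list, folds common digit-for-letter homoglyphs before comparing, and flags near-misses. The brand list, the log format and the log lines are constructed for the example; the naive "second-level label" extraction does not handle multi-part public suffixes such as co.uk.

```python
import re

# Brands whose lookalikes we want to flag. Constructed list for this example;
# a real deployment would use the organisation's own vendor/partner list.
BRANDS = {"vmware", "microsoft", "google", "github"}

# Constructed sample DNS query log lines (not from the original article).
# download.vmfare.com mirrors the lookalike domain reported for BIFROSE.
SAMPLE_DNS_LOG = """\
2023-10-12T08:01:02Z client=10.0.0.5 query=download.vmware.com type=A
2023-10-12T08:01:07Z client=10.0.0.5 query=download.vmfare.com type=A
2023-10-12T08:02:11Z client=10.0.0.9 query=api.github.com type=A
2023-10-12T08:02:15Z client=10.0.0.9 query=update.micros0ft.com type=A
2023-10-12T08:03:00Z client=10.0.0.7 query=intranet.example.local type=A
"""

# Assumed log format: a "query=<name>" field somewhere on the line.
QUERY_RE = re.compile(r"query=(?P<qname>\S+)")

# Digits commonly swapped for visually similar letters in lookalike names.
HOMOGLYPH_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and transpositions of adjacent characters each cost 1."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def second_level_label(qname: str) -> str:
    """Naive registrable label: the label left of the last one.
    Does not consult the public suffix list (co.uk etc.)."""
    parts = qname.strip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_lookalikes(log_text: str, brands=BRANDS, max_distance: int = 1) -> list:
    """Return one hit per queried name whose second-level label is within
    max_distance of a brand (after homoglyph folding) but is not the brand."""
    hits = []
    seen = set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").lower()
        if qname in seen:
            continue
        seen.add(qname)
        label = second_level_label(qname)
        if label in brands:
            continue  # exact brand: the legitimate domain
        folded = label.translate(HOMOGLYPH_FOLD)
        best = None
        for brand in sorted(brands):
            dist = min(osa_distance(label, brand), osa_distance(folded, brand))
            if best is None or dist < best[1]:
                best = (brand, dist)
        if best and best[1] <= max_distance:
            hits.append({"qname": qname, "label": label,
                         "brand": best[0], "distance": best[1]})
    return hits


if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_DNS_LOG):
        print(f"{hit['qname']}: lookalike of {hit['brand']} "
              f"(label {hit['label']!r}, distance {hit['distance']})")
```

With the default threshold of 1 the screen stays conservative; raising max_distance catches more variants at the cost of false positives on short brand names, so tune it against a sample of your own resolver logs before alerting on it.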

BIFROSE is considered one of the longest-lived cyber threats: it has been active since 2004. In 2015, Trend Micro specialists reported that the source code of the Trojan was sold on underground forums for up to $10,000.

Behind BIFROSE is the Chinese hacker group BlackTech (also known as Circuit Panda, Manga Taurus, Palmerworm and other names). It mainly targets organizations in Japan, Taiwan, and the United States. Presumably, hackers purchased malicious software in 2010 and reworked it for their own needs, integrating the KIVARS and XBOW backdoors.

Variants of BIFROSE for Linux, designated ELF_BIFROSE, have been distributed since at least 2020. They are capable of running remote shells, downloading and uploading files, and manipulating the file system.

Palo Alto Networks has been tracking a sharp spike in BIFROSE activity since October 2023 — during which time at least 104 incidents were recorded. A version for Arm processors was also identified, which indicates that the attackers are planning to expand the range of attacks.

Experts warn that BIFROSE's use of deceptive domains that mimic well-known brands, combined with the recent sharp increase in its activity, highlights the dangerous and sophisticated nature of this threat.

In addition to BIFROSE, McAfee Labs specialists have identified a new campaign distributing the GuLoader Trojan through malicious SVG files and VBS scripts attached to emails. There is also a new version of the banking Trojan Warzone RAT, whose infrastructure was dismantled and two of whose operators were arrested by the US authorities.