• cron
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    3 months ago

    Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.

    Edit: Some found out about the vulnerability by ressource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)

    • li10@feddit.uk
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      3 months ago

      Not quite the monitoring I’m talking about though.

      Basically, it seems like this would be a nightmare for a home user to detect, but a company is probably gonna pick up on this quite quickly with snmp monitoring (unless it somehow does something to that).