Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What's the point of these kinds of articles? Most Linux malware (including this one) are not sophisticated at all, built off of pre-existing rootkit code samples off Github and quite sloppy with leaving files and traces (".Xl1", modifying bashrc, really?). And there's a weird fixation on China here, is it just more anti-China propaganda?



Threat actors don't create malware to impress people; they do it to accomplish their goals. Apparently, this sample was sufficient for them.

Security companies attribute activity based on their observations. ESET- a Slovakian company- is no exception.


I was under the impression that persistent, but SILENT access was China's goal. Dropping files in home and /tmp/ seems like the total opposite of that and any competent sysadmin would detect these anomalies manually real quick with a simple "ls -a", even possibly by accident.


From the article:

> The WolfsBane Hider rootkit hooks many basic standard C library functions such as open, stat, readdir, and access. While these hooked functions invoke the original ones, they filter out any results related to the WolfsBane malware.

I took this to mean some things like a simple “ls -a” might now leave out those suspicious results.


Chinese threat actors are not one homogeneous group. Just like every other country out there.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: