"Rising Threat: Magnet Goblin Exploits 1-Day Vulnerabilities to Install Linux Malware"
Researchers have discovered a previously unseen Linux variant of the NerbianRAT malware, which has been circulating for at least two years and is installed through the exploitation of recently patched vulnerabilities. The malware, attributed to the threat actor Magnet Goblin, is used to steal credentials and has been deployed through 1-day vulnerabilities in various software, including Ivanti Secure Connect, Magento, and Qlink Sense. Checkpoint Research also identified a smaller version of the malware, MiniNerbian, used for backdooring servers running the Magento ecommerce platform. The Linux version of NerbianRAT lacks protective measures and has been observed stealing VPN credentials and connecting to attacker-controlled IPs.
- Never-before-seen Linux malware gets installed using 1-day exploits Ars Technica
- Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities Check Point Research
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Help Net Security
- New Magnet Goblin cybercrime crew is targeting Windows and Linux devices with all-new malware TechRadar
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT The Hacker News
Reading Insights
0
0
2 min
vs 3 min read
77%
455 → 103 words
Want the full story? Read the original article
Read on Ars Technica