APT36 Targets BOSS Linux with Sophisticated Malware

APT36, a cyberespionage group, has escalated its campaign against government institutions with sophisticated Python-based ELF malware targeting Linux-based BOSS operating environments. The campaign uses spear-phishing emails with weaponized Linux shortcut files masquerading as legitimate documents. The malware establishes persistence through systemd user services and registry modifications, ensuring survival across reboots. It performs comprehensive system reconnaissance and supports a complete command set for data exfiltration and remote control.

Latest mentioned: 12-01

Earliest mentioned: 12-01

Sources

gbhackers.com cyfirma.com

Also Read

ShadyPanda's 7-Year Browser Extension Campaign Infects Millions

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, attracting 300,000 installs. These extensions have since been taken down. They now run hourly remote code execution, monitoring every website visit, exfiltrating encrypted browsing history, and collecting complete browser fingerprints. One of the extensions, Clean Master, was featured and verified by Google, allowing the attackers to expand their user base and silently issue malicious updates years later without attracting any suspicion. Another set of five add-ons from the same publisher is designed to keep tabs on every URL visited by its users, as well as record search engine queries and mouse clicks, and transmit the information to servers in a country. These extensions have been installed about four million times, with WeTab alone accounting for three million installs.

12-02Read more →