New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
Briefly

Auto-Color, a newly identified Linux malware, affected universities and government organizations in North America and Asia between November and December 2024. Once installed, it grants threat actors full remote access to infected machines and is difficult to remove. Key characteristics include the use of innocuous file names and proprietary encryption to avoid detection, and a requirement for root privileges for complete installation. Notably, it installs a library implant that manipulates network connection information, concealing command-and-control communications and complicating removal.
Once installed, Auto-Color gives threat actors full remote access to compromised machines, making it very difficult to remove without specialized software.
If the current user lacks root privileges, the malware will not proceed with the installation of the evasive library implant on the system.
Read at The Hacker News