
Cyberespionage Campaign Using New Linux Malware

  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Sarah Frazier, Former Content Manager

ESET reveals Linux malware linked to China’s Gelsemium group, with WolfsBane and FireWood backdoors targeting sensitive data for cyberespionage.

In a Rush? Here are the Quick Facts!

  • WolfsBane is the Linux version of the Gelsevirine Windows backdoor.
  • Gelsemium targets sensitive data for cyberespionage, aiming to evade detection.
  • Linux malware is gaining attention as hackers shift focus due to stronger Windows defenses.

ESET cybersecurity researchers have discovered a new type of malware designed for Linux systems, named “WolfsBane,” which they believe is connected to a Chinese hacker group called Gelsemium.

This group, known for its sophisticated attacks, has been active since 2014, primarily targeting Windows systems. This new malware marks the first time Gelsemium has been linked to Linux, a platform increasingly targeted by hackers, says ESET.

ESET reports that the WolfsBane backdoor is similar to an earlier malware, Gelsevirine, used by Gelsemium to gain unauthorized access to systems.

Both tools share key features, including the way they communicate with hacker-controlled servers, execute commands, and hide their presence within infected systems.

WolfsBane uses a specialized library and encryption methods to evade detection, allowing the hackers to monitor the victim’s system and steal sensitive information over an extended period without being noticed, says ESET.

Alongside WolfsBane, the researchers also found another backdoor named “FireWood,” which may also be linked to Gelsemium, though the connection is less certain.

FireWood shares similarities with malware used in past cyberattacks by the group, including its structure and encryption methods. However, due to the potential for shared tools among different hacker groups, the link to Gelsemium is not confirmed, says ESET.

ESET explains that these malware tools are designed for cyberespionage, allowing attackers to steal system data, credentials, and files.

The shift toward Linux malware comes as hackers look for new attack vectors after increased security measures on Windows systems, such as endpoint detection tools and changes to Microsoft’s email security. ESET points out that many internet-facing systems run on Linux, making them an attractive target for cybercriminals.

The malware was found in archives uploaded to VirusTotal, a service used by security experts to analyze suspicious files, and it appears to have been deployed on servers in Taiwan, the Philippines, and Singapore. The investigation suggests the hackers may have gained access to these servers through vulnerabilities in web applications.

While ESET researchers continue to analyze the malware, they have confirmed that the attackers use advanced techniques to maintain long-term access to compromised systems, making them difficult to detect and remove.

The discovery of WolfsBane and FireWood highlights the growing threat of Linux-targeted cyberattacks, underscoring the need for stronger security measures across all platforms.


Meta Targets Pig Butchering Scams Amid Criticism For Slow Response

  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Sarah Frazier, Former Content Manager

Meta combats pig butchering scams by removing 2 million accounts, collaborating with law enforcement, and using AI to disrupt fraud operations.

In a Rush? Here are the Quick Facts!

  • Pig butchering scams involve trafficked individuals forced to scam others in compounds.
  • Criminal syndicates behind scams operate in Myanmar, Laos, Cambodia, and the UAE.
  • AI tools like ChatGPT are being used by scammers to translate and spread fraud.

Meta has for the first time revealed details about its efforts to address the escalating global crisis of pig butchering scams, as first reported on Thursday by WIRED.

The company shared Thursday that it has been collaborating with law enforcement and other tech companies for more than two years. Their goal is to tackle the organized crime syndicates fueling these scams, particularly in Southeast Asia and the UAE, as reported by WIRED.

The company reported that it has taken down over 2 million accounts linked to scam compounds in Myanmar, Laos, Cambodia, the Philippines, and the UAE in 2024 alone. These compounds, where victims are trafficked and forced to work as online scammers, are often connected to Chinese organized crime, according to WIRED.

WIRED said that Meta has also worked closely with NGOs, external tech companies, and coalitions dedicated to combating online fraud. However, the company emphasized that its primary focus is on working with law enforcement to directly track criminal syndicates.

“This is a highly adversarial space where we expect well-resourced and persistent criminal organizations to constantly evolve their tactics in response to detection and enforcement to try and reconstitute across the internet,” a Meta spokesperson explained, according to WIRED.

Despite these efforts, WIRED noted that Meta has faced criticism for its slow response in acknowledging the role its platforms play in facilitating scams.

Researchers have pointed out that while Meta isn’t the only platform being exploited by scammers, its services—like Facebook and Instagram—are widely trusted and thus attract fraudsters.

WIRED reports that Ronnie Tokazowski, a long-time pig butchering researcher and cofounder of Intelligence for Good, stated,

“I’m glad that Meta is finally starting to talk about this work, but in the research community, we feel like we’ve been trying to get their attention for a long time and collaborate with them and they often aren’t engaging with us.”

Pig butchering scams often begin on social media, where trafficked individuals are forced to build relationships with potential victims under the guise of romance or investment opportunities.

Victims are eventually persuaded to send large sums of money, and in total, these scams have defrauded people out of approximately $75 billion in recent years, says WIRED.

Meta notes that scams can start on dating apps, text messages, social media, or messaging apps before moving to scam-controlled cryptocurrency platforms. Despite ongoing takedowns, some scam activity remains undetected due to the challenges of moderating content that doesn’t clearly violate community standards, reports WIRED.

Cybersecurity expert Gary Warner, director of intelligence at DarkTower, commented, “So much of what is on platform is clearly the prelude to pig butchering, but Meta says it ‘doesn’t violate community standards,’” as reported by WIRED.

WIRED notes that Meta’s report also revealed that criminals are increasingly adopting advanced technologies like artificial intelligence to improve the efficiency of their scams. For instance, a recent scam operation targeting Japanese and Chinese speakers was found to be using ChatGPT to translate scam messages.

As Meta continues to take action against scam activity, the challenge of countering these sophisticated operations remains an ongoing battle.