Samba Trojan becomes the bread and butter of fresh attack campaign

[silversurfer]

The malware's veteran operators go low and slow to compromise Linux machines without detection.

The Butter attack campaign has been bolstered through the deployment of the Samba Trojan, a recent change to the stealthy criminal operation.

Researchers from cybersecurity firm GuardiCore have been tracking the Butter campaign since 2015 and while attacks originating from the criminals behind it have been generally limited -- specifically, only from four IPs -- a new payload has now been implemented which "has gone undetected by many security products."

In a blog post on Thursday, the team said that "Butter originates from a very limited number of attack sources and keeps them [the campaign] alive without being caught due to its low and slow operation."

The attack begins with a brute-force SSH attack on Linux machines. If this simple, initial attack vector proves successful, the campaign leaves a backdoor behind called Butter, together with a Trojan payload.

Source: https://www.zdnet.com/article/samba-troj...-campaign/