Not even the best antivirus could have shielded you from this Linux and macOS malware

Researchers have identified a new strain of Linux and macOS malware capable of eluding even the most reputable antivirus services.

According to security company Sonatype, the malicious program was discovered on the npm registry, a developer resource that catalogues various open source JavaScript packages.

The malware was listed on the database as “web-browserify”, in imitation of the popular Browserify component, which has been downloaded upwards of 160 million times since launch.

Linux and macOS malware

Analysis conducted by Sonatype revealed the web-browserify package had been created by stitching together hundreds of different open source components, all of which are legitimate when taken in isolation.

Once downloaded, the package extracts and runs an ELF malware executable, elevating the attacker’s privileges and laying the foundations for all manner of surveillance activities. The data types harvested by the malware include OS information, VMs present on the system, Docker images, connected Bluetooth devices and various data points on the device hardware.

The malware is also able to gain persistence on Linux, building itself into the startup process that activates whenever a device is switched on.

Although the malware threat was detected relatively early, having accrued only 50 downloads, researchers found it had an alarming ability to bypass security measures. At the time of writing, the ELF malware smuggled in the malicious package has a zero detection rate among all leading antivirus software.

The chaining together of legitimate software for illegitimate purposes is thought to have allowed the malware to evade detection so successfully.

The web-browserify package has since been removed from the npm registry, but sets a precedent that could inform future attacks of this kind.

Via BleepingComputer

Joel Khalili