New malware hides as legit nginx process on e-commerce servers
1 min read
Dec 03, 2021
eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. “NginRAT essentially hijacks a host Nginx application to stay undetected. To do that, NginRAT modifies core functionality of the Linux host system. When the legitimate Nginx web server uses such functionality (eg dlopen), NginRAT intercepts it to inject itself.”
The threat received the name NginRAT, a combination of the application it targets and the remote access capabilities it provides and is being used in server-side attacks to steal payment card data from online stores.
NginRAT was found on eCommerce servers in North America and Europe that had been infected with CronRAT, a remote access trojan (RAT) that hides payloads in tasks scheduled to execute on an invalid day of the calendar.
Related Articles
1 - 0 min read
2023’s Moments That Marked the Open-Source World
1 - 0 min read
KubeCon Points to the Future of Enterprise IT
1 - 0 min read
Impact of Debian 10 EOL on Security and Compliance
1 - 0 min read
Linux Malware: What To Know About the Malware Threat
1 - 0 min read
If You Use Linux - Watch Out for This Stealthy New Malware
