ASEC, a cybersecurity firm, has reported a surge in the use of BlueShell malware across Windows, Mac, and Linux operating systems, targeting regions in South Korea and Thailand.
BlueShell, a backdoor malware in operation since 2020, uses TLS encryption to evade network detection and depends on specific configuration parameters supplied at deployment. The report attributes the use of BlueShell against Windows systems to the Dalbit Group, a Chinese threat actor, which focuses on vulnerable servers in order to steal critical data and extort payment for it.
Moreover, researchers discovered a customized variant of BlueShell in the Linux environment, suggesting its intended targets were in Korea and Thailand. Beyond BlueShell, various malware attacks on different operating systems are on the rise.
These include exploitation of MinIO Object Storage vulnerabilities for remote code execution, an evolved SkidMap malware variant targeting multiple Linux distributions, and a new hVNC (hidden VNC) tool aimed at Mac systems, which gives attackers stealthy remote control and data theft capabilities.
In response to these escalating threats, the ASEC report recommends organizations prioritize regular system patching, enhance server security measures, and implement robust intrusion detection systems.
Additionally, educating users on recognizing phishing attempts becomes crucial in preventing malware infections. This report underscores the importance of proactive cybersecurity measures to safeguard against evolving threats across diverse operating systems.