New GNU/Linux Rootkit LinkPro Discovered in AWS Infrastructure

Cyber Security News by CyberSum.net

Published on October 17, 2025 at 06:00 AM

3 sources

An investigation into a compromised AWS-hosted infrastructure revealed a new GNU/Linux rootkit called LinkPro. The attackers exploited a vulnerable Jenkins server (CVE-2024-23897) to deploy a malicious Docker image on Kubernetes clusters. The rootkit, written in Golang, features eBPF modules for concealment and remote activation, allowing attackers to gain persistence and execute commands. The sophisticated malware supports multiple communication protocols and uses a 'magic packet' for activation. The threat actors are suspected to be financially motivated.

Also Read

Winos 4.0 Malware Expands Reach with HoldingHands RAT

The threat actors behind Winos 4.0 malware have expanded their targeting to include new regions, using phishing emails with malicious PDFs to deliver HoldingHands RAT. This campaign, linked to an aggressive cybercrime group, employs SEO poisoning and fake websites to spread the malware. Recent attacks have utilized taxation-themed documents and fake landing pages to deceive recipients into downloading the RAT, which can capture sensitive information and run arbitrary commands.

By Cyber Security News by CyberSum.netOctober 18, 2025 at 03:00 PM