FortiGuard Labs is aware of a report that a new Medusa malware variant that is targeting Linux-based devices. The Medusa malware is reportedly based on the infamous Mirai malware and is not only capable of launching Distributed Denial of Service (DDoS) attacks and exfiltrating information from compromised devices, but also encrypting files and deleting all files in the system drives.Why is this Significant?This is significant because Medusa botnet supports ransomware functionality and is capable of encrypting files on compromised Linux devices. It also deletes files on the hard disk 24 hours after file encryption is finished, which bricks the affected devices.What is Medusa Malware?Medusa is a Mirai variant that connects to Command-and-Control (C2) servers, and perform various activities upon receiving commands from C2s. Capabilities include – launching DDoS attacks and exfiltrating information from compromised devices. It can also encrypt files on compromised devices and delete all files in the system drives 24 hours after file encryption is completed, which would make the affected devices unusable.While infection chain of Medusa botnet has not been identified, exploiting vulnerabilities is the likely infection vector since Medusa ransomware is reportedly based on the infamous Mirai malware. Bruteforcing is another potential attack vector as Linux devices often have weak username passwords combination by default and users tend not to change default passwords.What is the Status of Protection?FortiGuard Labs has the following AV signatures in place for this attack:Linux/Redis.TSU!trPython/Stealer.DEDC!tr.ransomBAT/Agent.P!tr.dldrFortiGuard Labs has the following IPS signature in place to block download of Medusa malware:Embedded.Linux.Malicious.Script
More Stories
USN-6753-1: CryptoJS vulnerability
Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use...
USN-6751-1: Zabbix vulnerabilities
It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could...
USN-6752-1: FreeRDP vulnerabilities
It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious...
ruby-3.2.4-182.fc38
FEDORA-2024-48bdd3abbf Packages in this update: ruby-3.2.4-182.fc38 Update description: Upgrade to Ruby 3.2.4. Read More
ruby-3.2.4-182.fc39
FEDORA-2024-31cac8b8ec Packages in this update: ruby-3.2.4-182.fc39 Update description: Upgrade to Ruby 3.2.4. Read More
chromium-124.0.6367.78-1.el9
FEDORA-EPEL-2024-0c24da3136 Packages in this update: chromium-124.0.6367.78-1.el9 Update description: update to 124.0.6367.78 * Critical CVE-2024-4058: Type Confusion in ANGLE * High...