Thousands of Linux systems have been infected by a stealthy malware named Perfctl since 2021. Notable for exploiting over 20,000 common misconfigurations and a severe vulnerability in Apache RocketMQ (CVE-2023-33426), Perfctl uses advanced stealth tactics, including rootkits, concealment of process and file names, and deletion of its binary after installation, to evade detection. It communicates over Tor and employs various methods to prevent detection by admin tools.