Alloy Taurus APT Spotted Using PingPull and a New Backdoor to Target Linux Users

28-Apr-23

The Chinese threat actor Alloy Taurus has released a new PingPull malware variant that targets Linux computers. The strain is being used, together with another backdoor known as Sword2033, in a campaign that targets numerous entities in South Africa and Nepal.

Three out of 62 antivirus vendors currently classify the ELF file of the Linux version of PingPull as harmful. Once executed, the malware communicates with attacker-controlled C2 servers using the OpenSSL library and an HTTP POST request. The malware's command handlers were found to be compatible with China Chopper, a web shell that has been used to target Microsoft Exchange servers.
