A new PingPull malware variant has been released by the Chinese threat actor Alloy Taurus to attack Linux computers. The malware strain is being utilised in a campaign that targets numerous entities in South Africa and Nepal, together with another backdoor virus known as Sword2033.
Three out of 62 antivirus vendors have currently classified the Linux version of PingPull’s ELF file as harmful. After being executed, the malware strain communicates with attacker-controlled C2 servers using the OpenSSL library and an HTTP POST request. It was discovered that the malware’s command handlers are compatible with China Chopper, a web shell that has been used to target Microsoft Exchange servers.