I am surprised someone would install powershell to a Linux server🙄…
That part really does stand out… though it sounds like the virus itself makes a way for itself to use PowerShell, not that it has to be already installed?
?
Nice thing about this backdoor is that it hooks into kernel functions so that its processes, file and network connections are never reported by kernel to userland tools making it invisible for the administrator.
that sounds scary.
It’s a rootkit. A massive nightmare to diagnose and even harder to fix (or, at least to make sure that all traces of it is gone from your system). The reason for this is that it violates the OS’s “root of trust”, so now everything is untrustworthy.
My vpn has given me an IP address that the site has banned! I wonder what precipitated that