Summary
This is an article about a new variant of a remote access Trojan (RAT) called Bifrost. It discusses how this malware uses deceptive tactics to evade detection. Bifrost can steal a victim’s hostname and IP address. The latest version of Bifrost uses a domain name that closely resembles a legitimate VMware domain. This technique, called typosquatting, allows Bifrost to bypass security measures. Palo Alto Networks offers security products that can help protect users from Bifrost.
Highlights
- Bifrost is a new variant of a remote access Trojan (RAT).
- Bifrost uses deceptive tactics to evade detection.
- Bifrost can steal a victim’s hostname and IP address.
- The latest version of Bifrost uses a domain name that closely resembles a legitimate VMware domain.
- This technique, called typosquatting, allows Bifrost to bypass security measures.
https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/