Bifrost’s – Remote Access Trojan (RAT)

Summary

This is an article about a new variant of a remote access Trojan (RAT) called Bifrost. It discusses how this malware uses deceptive tactics to evade detection. Bifrost can steal a victim’s hostname and IP address. The latest version of Bifrost uses a domain name that closely resembles a legitimate VMware domain. This technique, called typosquatting, allows Bifrost to bypass security measures. Palo Alto Networks offers security products that can help protect users from Bifrost.

Highlights

  • Bifrost is a new variant of a remote access Trojan (RAT).
  • Bifrost uses deceptive tactics to evade detection.
  • Bifrost can steal a victim’s hostname and IP address.
  • The latest version of Bifrost uses a domain name that closely resembles a legitimate VMware domain.
  • This technique, called typosquatting, allows Bifrost to bypass security measures.

https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/