Malware · Jun 8, 2026

New Linux exfiltration tool bypasses EDR by abusing io_uring to access /etc/shadow.

Summary

A new Linux malware has been identified that leverages the io_uring subsystem to asynchronously access sensitive credential material from the /etc/shadow file. This tool is designed to bypass Endpoint Detection and Response (EDR) solutions by minimizing its runtime footprint and avoiding traditional blocking I/O methods.
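A detection-side sketch for the behaviour summarised above, added here as an example and not taken from the report or from any vendor tooling. It assumes auditd is logging `io_uring_setup` (for instance with a rule such as `-a always,exit -F arch=b64 -S io_uring_setup -k io_uring`), on the premise that reads submitted through a ring do not show up as the per-call `openat`/`read` events many sensors watch, so ring creation is the event left to observe. The allowlist, paths and log lines are constructed.

```python
import re

# io_uring_setup is syscall 425; arch=c000003e marks x86_64 in audit records.
IO_URING_SETUP = "425"
X86_64 = "c000003e"

# Hypothetical allowlist: binaries on this host expected to create rings.
ALLOWED_EXES = {"/usr/sbin/nginx", "/usr/bin/qemu-system-x86_64"}

# key=value pairs; values are either double-quoted or run to the next space.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Turn one audit log line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def unexpected_ring_creators(lines, allowed=ALLOWED_EXES):
    """Return (pid, uid, exe) for each successful io_uring_setup call made
    by an executable that is not on the allowlist."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("arch") != X86_64:
            continue  # PATH/CWD records and other architectures
        if rec.get("syscall") != IO_URING_SETUP or rec.get("success") != "yes":
            continue  # other syscalls, or a setup call the kernel refused
        if rec.get("exe") not in allowed:
            hits.append((int(rec["pid"]), int(rec["uid"]), rec["exe"]))
    return hits


# Constructed sample records, not from a real incident.
SAMPLE = [
    'type=SYSCALL msg=audit(1780900000.101:310): arch=c000003e syscall=425 success=yes exit=7 ppid=1 pid=812 auid=4294967295 uid=33 comm="nginx" exe="/usr/sbin/nginx" key="io_uring"',
    'type=SYSCALL msg=audit(1780900012.554:311): arch=c000003e syscall=425 success=yes exit=3 ppid=4100 pid=4242 auid=1000 uid=0 comm="updater" exe="/tmp/.cache/updater" key="io_uring"',
    'type=SYSCALL msg=audit(1780900013.002:312): arch=c000003e syscall=257 success=yes exit=3 ppid=4100 pid=4250 auid=1000 uid=0 comm="cat" exe="/usr/bin/cat" key="shadow"',
    'type=SYSCALL msg=audit(1780900020.730:313): arch=c000003e syscall=425 success=no exit=-1 ppid=2000 pid=5001 auid=1000 uid=1000 comm="bench" exe="/home/dev/bench" key="io_uring"',
    'type=PATH msg=audit(1780900013.002:312): item=0 name="/etc/shadow" inode=1234 nametype=NORMAL',
]

if __name__ == "__main__":
    for pid, uid, exe in unexpected_ring_creators(SAMPLE):
        print(f"unexpected io_uring_setup: pid={pid} uid={uid} exe={exe}")
```

Hosts where no workload needs io_uring keep the allowlist empty, so every successful setup call becomes an alert.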

Indicators of Compromise

  • malware — Linux exfiltration tool

Entities

  • io_uring (technology)
  • EDR (technology)