Auto-Color: An Emerging and Evasive Linux Backdoor
Summary
Auto-color is a Linux backdoor that Palo Alto Networks discovered in November and December 2024.
When executed, it provides the threat actor with full remote access to a victim’s machine, and makes it very difficult for the victim to uninstall without specialized software.
It achieves these capabilities through a novel and advanced combination of methods for avoiding detection.
One of these methods is staying hidden by renaming itself with benign-looking file names, such as egg, door, or Auto-color itself.
It also hides its remote command and control (C2) connections, making them almost invisible to the victim.
Palo Alto Networks has published the indicators of compromise (IOCs) to help others identify this threat on their systems too.