Thursday 3 October 16:30 - 17:00, Green room
Anderson Leite & Fabio Marenghi (Kaspersky)
The age-old notion that "Linux doesn't have viruses" no longer holds. Today Linux faces numerous advanced threats and malware families, making it a prime target, and DinodasRAT is no exception. First detected as XDealer in 2021 as part of a LuoYu APT group campaign, it operated for at least two years with little detection or coverage from the anti-malware industry while being used as a cyberespionage tool for political ends.
While much attention has recently been given to the Windows version of this threat, the Linux variant has spread under the radar. This presentation dives deep into every aspect of this uncommon RAT in the Linux environment. We explore the internals of the malware using reverse engineering and automation, and dissect its entire network protocol in order to build an emulated C2 environment that assists debugging.
To analyse a binary successfully in the Linux environment, one must understand its internal workings and be able to identify the capabilities that matter for analysis, such as anti-debugging checks and filesystem manipulation. These aspects are also covered in the presentation to give the audience a concrete understanding of Linux malware research.
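The anti-debugging checks mentioned above are the kind of thing an analyst has to spot and neutralise before dynamic analysis gets anywhere. As an added illustration (not code from the presentation and not DinodasRAT's own code, which the abstract does not describe), the C program below implements the two most common Linux techniques: parsing the TracerPid field of /proc/self/status and attempting ptrace(PTRACE_TRACEME), which fails with EPERM when a debugger is already attached. The sample status texts embedded in the block are constructed for the example.

```c
/* Added example: generic Linux anti-debugging checks of the kind a Linux
 * malware analyst must recognise. Illustration code, not DinodasRAT's. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#ifdef __linux__
#include <sys/ptrace.h>
#endif

/* Constructed sample contents of /proc/self/status (abridged). */
const char SAMPLE_STATUS_CLEAN[] =
    "Name:\tsample\nState:\tR (running)\nTgid:\t4242\nPid:\t4242\n"
    "PPid:\t4100\nTracerPid:\t0\nUid:\t1000\t1000\t1000\t1000\n";
const char SAMPLE_STATUS_TRACED[] =
    "Name:\tsample\nState:\tt (tracing stop)\nTgid:\t4242\nPid:\t4242\n"
    "PPid:\t4100\nTracerPid:\t4100\nUid:\t1000\t1000\t1000\t1000\n";

/* Parse the TracerPid field out of the text of /proc/self/status.
 * Returns the tracer's PID, 0 when no tracer is attached, or -1 when the
 * field is absent or malformed (non-Linux /proc, truncated read). */
long parse_tracer_pid(const char *status_text)
{
    const char *key = "TracerPid:";
    const char *p = status_text;
    while ((p = strstr(p, key)) != NULL) {
        /* Accept the key only at the start of a line. */
        if (p == status_text || p[-1] == '\n') {
            p += strlen(key);
            while (*p == ' ' || *p == '\t')
                p++;
            char *end;
            errno = 0;
            long pid = strtol(p, &end, 10);
            if (end == p || errno != 0 || pid < 0)
                return -1;
            return pid;
        }
        p += strlen(key);
    }
    return -1;
}

/* Live TracerPid check on the current process.
 * Returns 1 if a tracer (gdb, strace, ...) is attached, 0 if not, -1 on error. */
int tracer_attached(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    long pid = parse_tracer_pid(buf);
    if (pid < 0)
        return -1;
    return pid != 0;
}

/* Second technique: a process can have only one tracer, so PTRACE_TRACEME
 * fails with EPERM if a debugger is already attached. Side effect: on
 * success the process is now traced by its parent, so call this once, early.
 * Returns 1 if a debugger is attached, 0 if not, -1 if unavailable. */
int ptrace_self_check(void)
{
#ifdef __linux__
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        return errno == EPERM ? 1 : -1;
    return 0;
#else
    return -1;
#endif
}

static const char *verdict(int r)
{
    return r == 1 ? "debugger attached" : r == 0 ? "clean" : "unavailable";
}

int main(void)
{
    printf("TracerPid check:      %s\n", verdict(tracer_attached()));
    printf("PTRACE_TRACEME check: %s\n", verdict(ptrace_self_check()));
    return 0;
}
```

Run it once from a shell and once under gdb to see both verdicts flip. To neutralise such checks during analysis, the usual options are to break on the ptrace syscall and force its return value to 0, to hook ptrace via LD_PRELOAD for dynamically linked samples, or to patch the comparison after the TracerPid read; which one applies depends on how the sample is linked and whether it resolves the syscall directly.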
The topics covered will include:
Anderson Leite
Anderson Leite joined Kaspersky's Global Research and Analysis Team (GReAT) in early 2023. He is primarily responsible for analysing and researching new threats affecting the Latin American region, specializing in reverse engineering, malware detection and the creation of intelligence reports on new threats (Threat Intelligence). Previously, he worked as a malware analyst at Mosyle, researching new macOS threats with the aim of strengthening the company's anti-virus software, and at Itaú Unibanco as an application security engineer, where he performed code analysis to detect vulnerabilities in the most critical banking operations, such as the mobile app and internet banking. He also worked at Trend Micro as a security engineer, responsible for various projects related to the implementation of security products, threat analysis and the development of internal projects. He also creates open-source reverse engineering projects and likes to share his work with the community.
Fabio Marenghi
Fabio Marenghi joined Kaspersky's Global Research and Analysis Team (GReAT) in October 2020 with the goal of monitoring threats in Brazil and Latin America. With over 15 years of experience in the security industry, Fabio previously worked as a senior security researcher at Diebold Nixdorf, where his main responsibilities included leading the malware analysis laboratory and working in research and development on fraud prevention and on proof-of-concept demonstrations for discovered attacks and vulnerabilities. Fabio specializes in reverse engineering with a focus on Windows and Android threats. He is a native Portuguese speaker and fluent in English and Spanish. In the past, he also worked on software development for a widely used fraud prevention platform in the Brazilian financial sector.
Back to VB2024 conference page