The Lazarus team attacks Linux systems through the Dacls Trojan

The Lazarus hacking group (an APT) is constantly evolving and expanding its attacks, and has now developed a new Trojan targeting Linux systems.

The Lazarus group is believed to have ties to the North Korean government and has been linked to numerous global cyberattacks. Among its most significant are the spread of the WannaCry ransomware, the theft of $80m from the Bangladesh bank, and a new campaign targeting financial institutions around the world.

Some researchers argue that these hackers have also used Trickbot (used by many state-backed hacking groups) to gain access to infected systems.

The Lazarus group has purchased many tools from other hackers in the past. However, it also builds its own "weapons", such as the new Remote Access Trojan (RAT) found by Netlab 360 researchers.

The security company said the Trojan, called Dacls, first appeared in May, and that while it has been identified by more than 20 companies offering antivirus solutions, it is still classified as "unknown".

Researchers analyzed a malware sample and found it to be a "fully functional RAT platform for the Windows and Linux platforms", probably linked to this group.

A domain associated with the malware is a further indication of the Lazarus group's involvement, as the site was previously used by the APT to host malware.

Researchers believe that CVE-2019-3396, a remote code execution vulnerability affecting a macro in Atlassian Confluence Server version 6.6.12 (and earlier), is used to compromise systems and deploy Dacls.

The RAT, whose builds vary by target operating system, shares the same command-and-control (C2) protocol across them. Dacls is modular malware that uses TLS and RC4 encryption when communicating with its C2 server, as well as AES encryption to protect its configuration files.

When a vulnerable Linux system is detected, the malicious program runs in the background and checks for updates.

The Trojan is capable of various functions, such as stealing, deleting and executing files, scanning directories, downloading additional payloads, killing processes, uploading data and more.

As noted above, the Trojan spreads through a known vulnerability for which a patch is already available, so IT administrators should update their Confluence installations to stay protected.

Absent Mia