Cybersecurity

OrBit (Re)turns: Tracking an open-source Linux rootkit across four years of forks and deployments

Ali Nemati4 hours ago

46 sec read2 views0 listens

Based on the provided information, here's a summary and analysis of OrBit's evolution from 2023 to 2025:

Evolution Overview

Lineage A (Full Capabilities)
- 2023: Full capabilities with 66 exports and 54 hooks.
- 2024: Key rotation to 0xAA, reduced feature set in some variants.
- 2025: Return to 0xA2 key, introduction of new PAM hook (pam_sm_authenticate).
Lineage B (Lite Capabilities)
- 2023-2025: Continues with a reduced capability set (64/66 exports and 49 hooks), no PAM or pcap interception, no TCP port hiding.

Key Developments

Lineage A

Key Rotation in 2024:
- Transitioned to 0xAA key for a short period.
- Reverted back to 0xA2 by 2025.
Feature Set Adjustments:
- In 2024, some variants had

Read the full article at Malware Analysis, News and Indicators - Latest topics

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Contents

Ali NematiWritten by Ali

View all posts

Cybersecurity4 hours ago25 sec read

Ransomware attacks on West Pharmaceutical and Foxconn highlight growing cyber risks to manufacturing sector

West Pharmaceutical Services and Foxconn have both fallen victim to ransomware attacks, disrupting operations and potentially compromising sensitive data. These incidents underscore the escalating cybersecurity threats in the manufacturing sector, pa...

Ali Nemati

Real Estate & Home4 hours ago28 sec read

Nancy Guthrie Investigators Are Keeping 'Secrets' from Public, Sheriff Admits-as Khloe Kardashian Questions 'Weird' Circumstances Around Case

Pima County Sheriff Chris Nanos admits that investigators are withholding details about the ongoing case of Nancy Guthrie’s disappearance to protect the integrity of their investigation. This approach has drawn criticism, particularly from Khloe Kard...

Ali Nemati

Cybersecurity4 hours ago24 sec read

LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout

Mick Baccio and Scott Roberts presented at LABScon25 on using public indicators to predict stock market reactions to cyber breaches, challenging traditional assumptions about market behavior post-breach. This analysis is crucial for security professi...

Ali Nemati

Cybersecurity4 hours ago28 sec read

The OSINT Newsletter - Issue #106

The 106th issue of The OSINT Newsletter highlights the integration of agentic AI with intelligence analysis and warns about the risks of trusting opaque software in investigative processes. This issue is crucial for developers and tech professionals ...

Ali Nemati

Real Estate & Home4 hours ago25 sec read

We knew Compass International Holdings could lead market share, but what about Real and eXp?

Consolidation in the real estate sector has led to significant market share gains for companies like Compass, The Real Brokerage, and eXp World Holdings through mergers and acquisitions. These deals have positioned Compass and eXp Realty at the top o...

Ali Nemati

OrBit (Re)turns: Tracking an open-source Linux rootkit across four years of forks and deployments

Evolution Overview

Key Developments

Lineage A

Related Articles

Ransomware attacks on West Pharmaceutical and Foxconn highlight growing cyber risks to manufacturing sector

Nancy Guthrie Investigators Are Keeping 'Secrets' from Public, Sheriff Admits-as Khloe Kardashian Questions 'Weird' Circumstances Around Case

LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout

The OSINT Newsletter - Issue #106

We knew Compass International Holdings could lead market share, but what about Real and eXp?