Researchers from BlackBerry and Intezer have recently unraveled the Linux-based malware known as Symbiote. This malware has been extremely difficult to detect: instead of running as a standalone executable, Symbiote infects running processes. The most recent campaign involving Symbiote occurred in November 2021 and targeted banks in Latin America such as Banco do Brasil and Caixa. Capturing credentials is the malware's main objective, but it can also create backdoors that let threat actors access the machine and run high-privilege commands. One of the evasion tactics Symbiote uses is hooking Berkeley Packet Filter (BPF) functionality, a technique the Equation Group has previously used for covert communication; Symbiote uses it to hide the malicious traffic it generates on an infected machine. Another backdoor that has drawn comparison to Symbiote is Ebury, which was seen back in 2014.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that