New Chinese-Based Cyberespionage Group Detected Using Melofee Linux Malware

Rising cases of cyberespionage in recent years have increased the need for continuous cyber-defense of global networks. A new report from security researchers at Palo Alto Networks exposes an advanced Chinese-based cyberespionage group that is using a newly discovered Linux malware, dubbed Melofee, for targeted attacks.

What is Melofee Linux Malware?

Melofee is a well-crafted, multi-stage Linux backdoor used to gain access to systems. The malware is composed of four main modules: the first is a dropper that downloads the other components onto the compromised system, the second is the backdoor component, the third is a file-transfer module, and the fourth is a password stealer. All of these components are written in C++.

Who is Targeted?

The attack campaign was initially spotted targeting embassies, government organizations, and military institutions in member countries of the Association of Southeast Asian Nations (ASEAN). The threat actors targeted victims by sending malicious emails containing Microsoft Office documents with links that download a malicious shell script. This script in turn downloads the initial Melofee malware module.

What Are the Impacts?

The campaign also installs additional malicious tools capable of collecting system information, downloading and uploading files, and setting up a reverse shell connection to the command and control (C&C) server. This gives the attackers full access to victims’ systems and a persistent backdoor that survives system reboots.

Call to Action

It is important to be aware of the emerging threat of cyberespionage and to adopt secure cyber-defense measures to protect global networks. Share this article with your network on social media to share the knowledge and ensure that everyone works towards a safer cyber world.
