A 20-year-old Trojan is back, using new tricks against Linux users

The Unwelcome Old BoyTech veterans may remember Bifrost (also known as Bifrose), a remote access trojan (RAT) that has been lurking around since 2004. Security researchers from Palo Alto Networks have discovered a resurgence of Bifrost targeting Linux systems. Discuss20-year-old Trojan is back, using new tricks against Linux users© Ferra

Of particular concern is that the malware uses the typosquatting method. This tactic involves creating domain names that closely resemble the names of legitimate companies, in this case imitating a trusted VMware domain. This clever disguise allows Bifrost to bypass security measures and infect unsuspecting users.

The Trojan then collects sensitive information about the compromised system, including the host name and IP address, potentially exposing the user to further attacks. The recent surge in Bifrost activity—more than 100 flavors of Linux have been discovered—has security experts worried.

But that's not all. The threat landscape appears to be expanding. There is reason to believe that attackers are developing ARM versions of Bifrost, targeting the growing number of ARM-based devices, such as smartphones and IoT gadgets. As Sharma notes, “cybercriminals are likely to adapt their tactics to include ARM-based malware, which will make their attacks more powerful and allow them to reach a wider range of targets.”