By Ionut Arghire on January 07, 2021
Security researchers at AT&T’s Alien Labs have identified multiple malware attacks leveraging the Ezuri memory loader to execute payloads without writing them to disk.
Executed directly in memory, without leaving traces on disk, fileless malware is commonly used in attacks targeting Windows systems, but isn’t often seen in malware attacks targeting Linux.
As part of the observed attacks, Ezuri is used to decrypt the malicious payloads and leverage memfd create to execute them, Ofer Caspi and Fernando Martinez of AT&T Alien Labs explain.