ExaTrack, a France-based cybersecurity firm, has discovered a previously undocumented malware family, which it has named Mélofée. According to the researchers, the implant specifically targets Linux servers and is attributed to a Chinese state-sponsored APT group.
The researchers have linked this malware to the notorious Winnti group with high confidence. “We linked with high confidence this malware to Chinese state-sponsored APT groups, in particular the notorious Winnti group,” researchers said in a blog post.
According to The Hacker News (THN), the malware has also been linked to another state-sponsored APT group called Earth Berberoka (or GamblingPuppet), which mainly targets gambling websites in China and has been active since 2020. That group uses multi-platform malware such as Pupy RAT and HelloBot.
The malware’s capabilities include a kernel-mode rootkit based on the open-source Reptile project. The rootkit’s feature set is limited: its main job is to install a hook that hides the implant’s presence on the host rather than to provide additional functionality.
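A rootkit that hides a loaded kernel module usually does so by tampering with one view of the system (for example unlinking itself from the kernel’s module list, so it disappears from lsmod and /proc/modules) while other views may still show it. The script below is an added example written for this article, not code from ExaTrack’s report or from the Reptile project: it cross-checks the modules listed in /proc/modules against the loadable modules exposed under /sys/module and reports anything that appears in only one view. The filter on the initstate file is real kernel behaviour (built-in code that only exports parameters also gets a /sys/module entry, but only modules loaded via init_module/finit_module carry initstate). The file paths are the standard Linux ones; the sample inputs, including the module name suspect_mod, are constructed test data.

```python
"""Cross-view check for hidden Linux kernel modules (added example, not from
the original article or from the Reptile project).

Compares module names in /proc/modules with loadable modules under /sys/module.
A module unlinked from the kernel module list vanishes from /proc/modules and
lsmod, but may still have its sysfs directory; any mismatch deserves a look.
"""
import os

PROC_MODULES = "/proc/modules"   # standard procfs path
SYS_MODULE = "/sys/module"       # standard sysfs path


def parse_proc_modules(text):
    """Module names from /proc/modules content: first field of each line
    (format: name size refcount deps state offset)."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if fields:
            names.add(fields[0])
    return names


def loadable_from_sysfs(sysfs_view):
    """Keep only /sys/module entries that carry an 'initstate' file.
    Built-in subsystems with exported parameters (e.g. printk) also get a
    /sys/module/<name> directory but no initstate, so they are ignored.
    sysfs_view maps module name -> set of child entry names."""
    return {name for name, children in sysfs_view.items() if "initstate" in children}


def cross_view_diff(proc_text, sysfs_view):
    """Return (in_sysfs_but_not_proc, in_proc_but_not_sysfs), both sorted.
    The first list is the interesting one for a self-hiding rootkit."""
    proc = parse_proc_modules(proc_text)
    sysfs = loadable_from_sysfs(sysfs_view)
    return sorted(sysfs - proc), sorted(proc - sysfs)


def read_live_views():
    """Collect both views from the running system (Linux only)."""
    with open(PROC_MODULES) as f:
        proc_text = f.read()
    sysfs_view = {}
    for name in os.listdir(SYS_MODULE):
        path = os.path.join(SYS_MODULE, name)
        if os.path.isdir(path):
            sysfs_view[name] = set(os.listdir(path))
    return proc_text, sysfs_view


# Constructed sample data: two ordinary modules, one built-in entry, and a
# hypothetical module present in sysfs but missing from /proc/modules.
SAMPLE_PROC = (
    "ext4 745472 2 - Live 0x0000000000000000\n"
    "xfs 1609728 0 - Live 0x0000000000000000\n"
)
SAMPLE_SYSFS = {
    "ext4": {"initstate", "refcnt", "sections", "parameters"},
    "xfs": {"initstate", "refcnt", "sections"},
    "printk": {"parameters"},                              # built-in, must not be flagged
    "suspect_mod": {"initstate", "refcnt", "sections"},    # hidden from /proc/modules
}


if __name__ == "__main__":
    if os.path.isdir(SYS_MODULE) and os.path.exists(PROC_MODULES):
        proc_text, sysfs_view = read_live_views()
    else:
        proc_text, sysfs_view = SAMPLE_PROC, SAMPLE_SYSFS
    hidden, missing = cross_view_diff(proc_text, sysfs_view)
    print("loaded in sysfs but absent from /proc/modules:", hidden or "none")
    print("listed in /proc/modules but absent from sysfs:", missing or "none")
```

On the constructed sample the check flags suspect_mod and nothing else. The caveat a practitioner should keep in mind: this only catches a rootkit that leaves at least one view intact. A module that also removes its sysfs kobject will be absent from both lists, so a cross-view check of this kind should be paired with sources the rootkit is less likely to have touched, such as a memory image analysed offline.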