Silent Malware, Loud Impact — We’re Ready

Operating under the radar, the Linux-based Autocolor malware is wreaking havoc. Its initial access vector remains unknown, yet it is actively targeting government and university systems across the USA and Asia. The malware disguises itself using benign-looking file names such as “egg,” “door,” or “log”; executing one of these files launches the Autocolor payload. At Inovasys, we don’t wait for damage before we act. Our cybersecurity team responded swiftly, analyzing the threat, applying intelligence, and proactively deploying countermeasures to protect our clients through advanced cyber defense services.

This emerging and evasive backdoor was discovered by cybersecurity researchers between early November and December 2024. The malware is designed to grant threat actors full remote access and is difficult to remove without specialized software.

This malware employs a variety of sophisticated evasion techniques. Its executables carry benign-looking file names like “egg,” “door,” or “log,” and running one unleashes the malicious Autocolor payload. The threat also hides its remote command and control (C2) connections using a technique similar to that of the Symbiote malware family, and uses proprietary encryption algorithms to conceal its communication and configuration information.

Once executed, if it detects it has root privileges, the malware proceeds with an installation phase, mimicking a legitimate library called libcext.so.2. It then copies and renames itself to /var/log/cross/auto-color and ensures it is loaded first by the OS loader, allowing it to "hook" or override core library functions. This grants it the ability to intercept and modify system behavior. The malware's primary goals are evasion and persistence, as it hides network activity and protects its own files from being modified or removed, which makes uninstallation a significant challenge.
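A host triage check for the artifacts named above, as an added example that is not Inovasys tooling or part of the original write-up. It assumes the "loaded first by the OS loader" step is visible in glibc's system-wide preload list, /etc/ld.so.preload, and that the library sits under a standard library directory; those choices and the function names are assumptions.

```python
"""Triage a Linux root filesystem for the Autocolor artifacts described above."""
import os
import sys

# Artifact names taken from the write-up above.
INSTALL_PATH = "var/log/cross/auto-color"
LIBRARY_NAME = "libcext.so.2"
# Assumption: the "loaded first" step is checked through glibc's system-wide
# preload list; the write-up does not name the file.
PRELOAD_FILE = "etc/ld.so.preload"
# Assumption: standard library directories; extend for your distribution.
LIB_DIRS = ("lib", "lib64", "usr/lib", "usr/lib64", "usr/local/lib")


def preload_entries(root):
    """Return the objects listed in ld.so.preload ('#' comments, space/colon separated)."""
    path = os.path.join(root, PRELOAD_FILE)
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return []  # no preload file: nothing is force-loaded system-wide
    entries = []
    for line in lines:
        entries.extend(line.split("#", 1)[0].replace(":", " ").split())
    return entries


def find_artifacts(root="/"):
    """Return (kind, path) findings for the filesystem mounted at `root`."""
    findings = []
    installed = os.path.join(root, INSTALL_PATH)
    if os.path.lexists(installed):
        findings.append(("install-path", installed))
    for lib_dir in LIB_DIRS:
        top = os.path.join(root, lib_dir)
        if os.path.islink(top):
            continue  # merged-usr symlink: the real directory is scanned anyway
        for dirpath, _dirs, files in os.walk(top):
            if LIBRARY_NAME in files:
                findings.append(("library", os.path.join(dirpath, LIBRARY_NAME)))
    for entry in preload_entries(root):
        named = os.path.basename(entry) == LIBRARY_NAME
        findings.append(("preload-autocolor" if named else "preload-review", entry))
    return findings


if __name__ == "__main__":
    for kind, path in find_artifacts(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{kind}\t{path}")
```

Because the malware hooks core library functions and protects its own files, output from a live infected host may be incomplete; where possible, pass the mount point of an offline-mounted disk as the argument.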

At Inovasys, we have thoroughly examined the malware's tactics, from its initial execution to its persistence and evasion mechanisms, to develop robust defense strategies and ensure the resilience of our digital environments. 

Learn more about our defense strategies on EDI.

Inovasys, founded in 2014, has been a leader in providing advanced technology solutions. By 2020, it became known as a service provider. The company aims to be the best partner for businesses looking to improve their operations with digital technology.
