Researchers from security firm Intezer revealed the Lightning Framework last week, a newly-discovered malware framework for Linux that’s gone undocumented for some time.
Frameworks provide a foundation for common application functions and operations. Intezer describes the Lightning Framework as a “Swiss Army knife” for malware developers.
In a blog post, security researcher Ryan Robinson said it’s unusual to see such a complex architecture designed to attack Linux computers. He added that Lightning is a modular framework with a wealth of features, including the ability to install several types of rootkits and plugins.
Lightning comprises a downloader (Lightning.Downloader) and a core module named Lightning.Core. Both connect to a command-and-control server that receives orders and pushes modules to a victim’s device. Attackers can then execute those modules to perform various malicious tasks.
An unprecedented Linux malware
Malware frameworks have been around for a while, but frameworks with full support for attacks on Linux PCs are rare. No cases of the Lightning Framework have been identified in the wild so far. However, given the number of potential capabilities, stealth is unquestionably part of the modus operandi.