See: https://www.virustotal.com/nl/file/26e9816116de8b26ba0b1aa12fe4177dd1196ccdb9c93cbcd1b0593ce3f81e79/analysis/
Firefox zero day
Background news: https://www.reddit.com/r/linux/comments/3cegok/unknown_selinux_exploit_found_in_the_hacking/
Analysis: https://malwr.com/analysis/NjU5Mjk3ZGVhOWQ0NDMwMGI2YTM5ZGRlMmFiMjUxZTM/

Files became public because of a transparency report to land at VT.
Hacking Team sat on two zero days, that were leaked through a security breach.
Hacking Team developed government spyware 8).

polonus

Info credits for VT uploads in this thread go to Jacob Appelbaum (credits go where credits due)

Bad luck. ;D

Why develop such ELF file malware for Linux? Read for background musings: https://security.stackexchange.com/questions/92777/why-use-oddly-compiled-elf-files-for-linux-malware.
A vulnerabilty in the parser is being exploited to fool av detection,
so we have to look for it at kernel level to get a better detection.

polonus

But Avast did a great job on another one, where it was one of the only five to detect - see:
https://www.virustotal.com/nl/file/a03a6ed90b89945a992a8c69f716ec3c743fa1d958426f4c50378cca5bef0a01/analysis/1436184181/

So I expect the one provided earlier in this thread will also soon be detected by Avast

polonus

P.S. Avast still missed on this one: https://www.virustotal.com/nl/file/06281627f84c7e2f37f2cafd609a592ddb46a28c03f39185c13da1fa9e6a6d53/analysis/

Damian

Very advanced hacks specially prepared for dubious government organizations
or maybe acquired via a pre-sale and used by your national police:
https://twitter.com/markloman/status/618341156125048832

polonus

Selinux exploit, the basics for it going back a long, long time to 2011: http://insidetrust.blogspot.com/2011/06/webserver-defense-in-depth-hackers-vs.html It works like malware that diables your AV on windows, pure crime.

Background reading: http://www.macrumors.com/2015/07/06/hacking-team-jailbroken-iphone/
also proofs that Skype isn’t secure here…allthough MS will never deny nor confirm this.

from a security perspective, the latest jailbreaking software is designed to obfuscate how it works, comes from teams based outside the United States, and disables several security features.

polonus

Interesting resources - look up the hashes → http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
and here: https://github.com/security-automation/crits-adapter/blob/master/datagen_samples/file_hashes.txt

pol