Bifrost

Malware Profile Updated 24 days ago
Bifrost, a malware family active since 2004, has been observed in new variants targeting Linux servers as of March 2024. This remote access Trojan (RAT) collects identifying information such as the hostname and IP address from a compromised system. Recent findings by Palo Alto Networks indicate a surge in Bifrost Linux variants over the past few months, with more than 100 instances detected. This increase raises concern among security experts and organizations because of the malware's potential to disrupt operations and steal personal information.

The new Bifrost RAT variant uses a deceptive practice known as typosquatting, mimicking a legitimate VMware domain to evade detection. There are also indications that the attackers aim to widen Bifrost's reach: a malicious IP address associated with a Linux variant was found hosting an ARM version of Bifrost. As ARM-based devices become more prevalent, cybercriminals may adapt their tactics to include ARM-based malware, extending the reach of their attacks.

Historically, Bifrost has shared overlaps and infrastructure ties with other Trojans such as FakeM MSN, Elirks, and Poison Ivy, dating back to 2009, which suggests that the same developer may have been involved in creating those specific samples. Despite its age, Bifrost remains a significant threat to individuals and organizations, particularly given evolving tactics such as typosquatting; tracking and counteracting malware like Bifrost is therefore crucial for safeguarding sensitive data and maintaining the integrity of computer systems.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Bifrose | 3 | Bifrose, also known as Bifrost, is a type of malware that is designed to infiltrate and exploit computer systems. This malicious software can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal info
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Rat
Malware
Linux
Exploit
Google
Trojan
Backdoor
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-26083 | Unspecified | 2 | None
CVE-2021-29256 | Unspecified | 2 | None
Source Document References
Information about the Bifrost malware was read from the document corpus below. This display is limited to 20 results.
Source | Created at | Title
CERT-EU | 3 months ago | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users
CERT-EU | 3 months ago | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users
DARKReading | 3 months ago | Linux Variants of Bifrost Trojan Evade Detection via Typosquatting
Securityaffairs | 3 months ago | Linux variant of BIFROSE RAT uses deceptive domain strategies
CERT-EU | 3 months ago | Bifrost RAT Now Equipped with a Linux Variant
CERT-EU | 3 months ago | Linux users beware: New Bifrost malware variant poses imminent threat
CERT-EU | 3 months ago | New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
CERT-EU | 3 months ago | Linux Variants of Bifrost Trojan Evade Detection via Typosquatting - Slashdot
CERT-EU | 8 months ago | Arm patches Mali GPU driver bug exploited by spyware
CERT-EU | a year ago | Threat Roundup for April 14 to April 21
CERT-EU | 3 months ago | SUSE: 2024:0763-1 moderate: python-cryptography | LinuxSecurity.com
CERT-EU | 3 months ago | SUSE: 2024:0769-1 critical: postgresql-jdbc | LinuxSecurity.com
CERT-EU | 3 months ago | New Bifrost malware for Linux mimics VMware domain for evasion
CERT-EU | 3 months ago | SUSE: 2024:0764-1 important: wpa_supplicant | LinuxSecurity.com
CERT-EU | 8 months ago | Arm warns of Mali GPU flaws likely exploited in targeted attacks
CERT-EU | 3 months ago | Ubuntu 6669-1: Thunderbird vulnerabilities | LinuxSecurity.com
CERT-EU | 3 months ago | Ubuntu 6649-2: Firefox regressions | LinuxSecurity.com
MITRE | a year ago | Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists
CERT-EU | a year ago | Google issues patches for 46 bugs: 3 faced targeted exploitation, 1 critical
MITRE | a year ago | The Trail of BlackTech's Cyber Espionage Campaigns