{"id":47080,"date":"2022-06-10T19:21:39","date_gmt":"2022-06-10T19:21:39","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/symbiote-malware-stealthy-linux-based-threat-financial-industry"},"modified":"2022-06-10T19:21:39","modified_gmt":"2022-06-10T19:21:39","slug":"symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/","title":{"rendered":"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A stealthy Linux threat called Symbiote is targeting financial institutions in Latin America, with all file, processes, and network artifacts hidden by the malware, making it virtually invisible to detection by live forensics.<\/p>\n<p>The malware was first uncovered in November, according to a blog post by BlackBerry Research.&nbsp;What sets Symbiote apart from other Linux malware is its approach to infecting running processes, rather than using a stand-alone executable file to inflict damage.<\/p>\n<p>It then harvests credentials to provide remote access for the threat actor, exfiltrating credentials as well as storing them locally. <\/p>\n<p>&#8220;It operates as a rootkit and hides its presence on the machine. Once it has infected the machine fully, it allows you to see only what it wants you to see,&#8221; Joakim Kennedy, security researcher at Intezer and author of the <a href=\"https:\/\/blogs.blackberry.com\/en\/2022\/06\/symbiote-a-new-nearly-impossible-to-detect-linux-threat\" target=\"_blank\" rel=\"noopener\">BlackBerry blog post<\/a>, explains. &#8220;Essentially, you can&#8217;t trust what the machine is telling you.&#8221;<\/p>\n<p>However, it can be detected externally, he says,&nbsp;since it exfiltrates stolen credentials via the DNS requests. <\/p>\n<p>Kennedy says the domain names the malware uses impersonate big banks in Brazil, which also helps it&nbsp;stay under the radar.<\/p>\n<p>&#8220;While we couldn&#8217;t tell based on only what we found, attackers targeting financial institutions are often motivated by potential monetary gain,&#8221; he says. <\/p>\n<h2 class=\"regular-text\">Shared Object Library<\/h2>\n<p>Nicole Hoffman, senior cyber threat intelligence analyst at Digital Shadows, points out that unlike most malware variants, the Symbiote malware is a shared object library, instead of an executable file.<\/p>\n<p>Symbiote uses the LD_PRELOAD variable that allows it to be pre-loaded by applications before other shared object libraries.<\/p>\n<p>&#8220;This is a sophisticated and evasive technique that can help the malware blend in with legitimate running processes and applications, which is one of the reasons Symbiote is difficult to detect,&#8221; she says. <\/p>\n<p>The malware also has Berkeley Packet Filter (BPF) hooking functionality. Packet capture tools intercept, or capture, network traffic typically for the purposes of an investigation.<\/p>\n<p>BPF is a tool embedded within several <a href=\"https:\/\/www.darkreading.com\/cloud\/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strike\" target=\"_blank\" rel=\"noopener\">Linux<\/a> operating systems that allows users to filter out certain packets depending on the type of investigation they are performing, which can reduce the overall results, making analysis easier.<\/p>\n<p>&#8220;The Symbiote malware is designed to essentially filter its traffic out of the packet capture results,&#8221; Hoffman explains. &#8220;This is just another layer of stealth used by the attackers to cover their tracks and fly under the radar.&#8221;<\/p>\n<p>Kennedy adds that&nbsp;this is the first time the BPF hooking functionality has been observed operating&nbsp;in this way, and points out that other malware variants have&nbsp;typically used BPF to receive commands from their command-and-control server.<\/p>\n<p>&#8220;This malware instead uses this method to hide network activity,&#8221; he says. &#8220;It&#8217;s an active measure used by the malware to prevent being detected if someone investigates the infected machine \u2014&nbsp;like covering up its footsteps so it&#8217;s harder to track down.\u201d<\/p>\n<h2 class=\"regular-text\">Easier to Attack?<\/h2>\n<p>Mike Parkin, senior technical engineer at Vulcan Cyber, says there may be a perception on the attacker&#8217;s part that the targets in Latin America have a less mature security infrastructure and would thus be easier to attack.<\/p>\n<p>He explains that the attackers went out of their way to hide their malware from anything that&#8217;s running on the infected system, leveraging BPF to hide their communications traffic. <\/p>\n<p>&#8220;While this will work on the local host, other network-monitoring tools will be able to identify the hostile traffic and the infected source,&#8221; he says. <\/p>\n<p>He explains that there are several <a href=\"https:\/\/www.darkreading.com\/endpoint\" target=\"_blank\" rel=\"noopener\">endpoint<\/a> tools available that should identify changes on a victim system.<\/p>\n<p>&#8220;There are also forensic techniques that can use the malware&#8217;s own behavior against it to reveal its presence,&#8221; he notes. &#8220;The authors who created Symbiote went to great lengths hide their malware. They leveraged a combination of techniques, though in so doing delivered some indicators of compromise that defenders could use to identify an infection in-situ.&#8221;<\/p>\n<p>Kennedy says that the most important action is to focus on the techniques used by this malware to ensure that you can detect and\/or protect against those, whether you&#8217;re protecting against Symbiote or another attack that uses the same technique.<\/p>\n<p>&#8220;I would say Symbiote, and other recently discovered undetected Linux malware, shows that operating systems other than Windows are not immune to highly evasive malware,&#8221; he says. &#8220;Since it doesn\u2019t get as much attention as Windows malware, we don&#8217;t know what else is out there that hasn\u2019t been discovered yet.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/symbiote-malware-stealthy-linux-based-threat-financial-industry\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Linux-based banking Trojan is a master at staying under the radar.Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/symbiote-malware-stealthy-linux-based-threat-financial-industry\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-47080","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-10T19:21:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry\",\"datePublished\":\"2022-06-10T19:21:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/\"},\"wordCount\":759,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt30e8149928c8967d\\\/61ef2f651c73f512f50402cb\\\/bankingtrojan_Profit_Image_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/\",\"name\":\"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt30e8149928c8967d\\\/61ef2f651c73f512f50402cb\\\/bankingtrojan_Profit_Image_shutterstock.jpg\",\"datePublished\":\"2022-06-10T19:21:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt30e8149928c8967d\\\/61ef2f651c73f512f50402cb\\\/bankingtrojan_Profit_Image_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt30e8149928c8967d\\\/61ef2f651c73f512f50402cb\\\/bankingtrojan_Profit_Image_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/","og_locale":"en_US","og_type":"article","og_title":"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-06-10T19:21:39+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry","datePublished":"2022-06-10T19:21:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/"},"wordCount":759,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/","url":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/","name":"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg","datePublished":"2022-06-10T19:21:39+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt30e8149928c8967d\/61ef2f651c73f512f50402cb\/bankingtrojan_Profit_Image_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/symbiote-malware-poses-stealthy-linux-based-threat-to-financial-industry\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47080","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47080"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47080\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}