1. Attackers use reverse TCP shells on Linux/Unix systems to gain unauthorized remote access: the compromised host connects out to a listener the attacker controls, which sidesteps inbound firewall rules.

2. Over that channel they execute commands, exfiltrate data, and further compromise the system.

3. Cybersecurity researchers at PwC discovered a reverse TCP shell dubbed 'SnappyTCP' with command-and-control (C2) capabilities.

4. SnappyTCP has been used by the Teal Kurma group to target Europe and the Middle East since 2017.

5. The intrusions leverage known vulnerabilities such as CVE-2021-44228 (Log4Shell), CVE-2021-21974 (VMware ESXi OpenSLP) and CVE-2022-0847 (Dirty Pipe, a Linux local privilege escalation); SnappyTCP itself is the post-exploitation payload rather than the exploit.

6. SnappyTCP offers only basic C2 functionality and comes in two variants – one whose channel is TLS-encrypted and one that talks in plaintext.

7. The malware communicates with a server under the attacker's control using HTTP requests.

8. SnappyTCP binaries have been built with several different toolchains and are delivered either as shared object (.so) files or as standalone executables.

9. The malware was attributed to Teal Kurma through analysis of publicly available code and shared infrastructure.

10. Targets include NGOs, media, government, telecommunications and IT service providers.

11. Recommended defences: review logs for the published indicators, set up alerts on them, perform forensic analysis of suspected hosts, and block the malicious infrastructure.
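One concrete check for item 11, as an added example that is not from the article or from PwC's research: on Linux, a textbook reverse shell dup2()s its connected socket onto the shell's stdin/stdout/stderr, so a `sh`/`bash` process whose fds 0, 1 and 2 are all the same socket is a strong signal. The script below flags such processes and correlates the socket inode with `/proc/net/tcp` to recover the remote endpoint. The process list, the `/proc/net/tcp` rows and the addresses in it are constructed sample data, not indicators tied to SnappyTCP.

```python
"""Added example: detect reverse-shell processes by inspecting standard fds,
then map the socket inode to its remote peer via /proc/net/tcp."""
import os
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Process names treated as shells; extend for your environment (assumption).
SHELLS = {"sh", "bash", "dash", "ash", "zsh", "ksh"}
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")
ESTABLISHED = "01"  # value of the 'st' column in /proc/net/tcp


@dataclass
class Proc:
    pid: int
    comm: str
    fds: Dict[int, str]  # fd number -> readlink() target of /proc/<pid>/fd/<n>


@dataclass
class Finding:
    pid: int
    comm: str
    inode: int
    remote: Optional[str]  # "ip:port" if the socket appears in /proc/net/tcp


def decode_addr(hexaddr: str) -> str:
    """'0100007F:1F90' -> '127.0.0.1:8080' (the kernel prints IPv4 little-endian)."""
    ip_hex, port_hex = hexaddr.split(":")
    octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
    return f"{'.'.join(octets)}:{int(port_hex, 16)}"


def parse_proc_net_tcp(text: str) -> Dict[int, str]:
    """Map socket inode -> remote 'ip:port' for ESTABLISHED IPv4 sockets."""
    table = {}
    for line in text.splitlines()[1:]:  # first row is the header
        cols = line.split()
        if len(cols) < 10 or cols[3] != ESTABLISHED:
            continue
        table[int(cols[9])] = decode_addr(cols[2])
    return table


def socket_on_std_fds(proc: Proc) -> Optional[int]:
    """Return the socket inode if fds 0, 1 and 2 all point at the same socket.
    An interactive shell has a tty there; a scripted one has pipes or /dev/null."""
    inodes = set()
    for fd in (0, 1, 2):
        m = SOCKET_RE.match(proc.fds.get(fd, ""))
        if not m:
            return None
        inodes.add(int(m.group(1)))
    return inodes.pop() if len(inodes) == 1 else None


def find_reverse_shells(procs, inode_to_remote):
    findings = []
    for p in procs:
        if p.comm not in SHELLS:
            continue
        inode = socket_on_std_fds(p)
        if inode is not None:
            findings.append(Finding(p.pid, p.comm, inode, inode_to_remote.get(inode)))
    return findings


def snapshot_live_procs() -> list:
    """Build Proc records from a real /proc (Linux only; other users' fds need root)."""
    procs = []
    for entry in filter(str.isdigit, os.listdir("/proc")):
        try:
            comm = open(f"/proc/{entry}/comm").read().strip()
        except OSError:
            continue
        fds = {}
        for n in (0, 1, 2):
            try:
                fds[n] = os.readlink(f"/proc/{entry}/fd/{n}")
            except OSError:
                pass
        procs.append(Proc(int(entry), comm, fds))
    return procs


# Constructed sample data (hypothetical; not indicators from the article).
SAMPLE_PROCS = [
    Proc(1234, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),       # user at a terminal
    Proc(4321, "sh", {0: "socket:[51233]", 1: "socket:[51233]", 2: "socket:[51233]"}),  # reverse shell
    Proc(5555, "nginx", {0: "/dev/null", 1: "socket:[777]", 2: "socket:[777]"}),      # daemon, not a shell
    Proc(6000, "bash", {0: "pipe:[888]", 1: "pipe:[888]", 2: "/dev/null"}),           # script run from cron
]
SAMPLE_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A1B2 0501A8C0:115C 01 00000000:00000000 00:00000000 00000000  1000        0 51233 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for f in find_reverse_shells(SAMPLE_PROCS, parse_proc_net_tcp(SAMPLE_NET_TCP)):
        print(f"pid={f.pid} comm={f.comm} socket inode={f.inode} remote={f.remote}")
```

Run it against a live host with `find_reverse_shells(snapshot_live_procs(), parse_proc_net_tcp(open("/proc/net/tcp").read()))`. Caveat: this catches the plain dup2-onto-socket pattern; where a TLS-wrapping implant proxies the shell, the shell's stdio will be pipes to that implant process rather than the socket, so also inspect the parent process and its open sockets.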

#Cybersecurity #SnappyTCP #ReverseShell #Linux #Unix #TealKurma #Malware #SecurityRecommendations

https://cybersecuritynews.com/snappytcp-reverse-shell/
