
Linux and macOS are generally considered more secure operating systems than Microsoft Windows, but that does not mean attackers cannot find ways to infect machines running them. The malware known as WellMess affects both Linux and Windows. It exists in two versions; although the core of the malware is the same in both, there are some minor differences between them.

Like other malicious programs, WellMess communicates with its command and control (C&C) server and downloads commands to perform further actions. Commands issued by the C&C server can upload and download files and execute arbitrary shell commands. The Windows version can also run PowerShell scripts. WellMess was first reported in mid-2018, and newer variants found in 2020 carry a wide range of features beyond those of the original samples.

The most recent WellMess samples differ from the 2018 samples in that they now support communication with the C&C server over three separate methods: HTTP, HTTPS and DNS. For each method the malware follows a similar process: it establishes a connection with the C&C server and then enters an infinite loop to exchange data. The details of the initial connection differ for each method, but the main loop that exchanges data uses the same functions to carry out the malicious tasks.


