A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.

Researchers from Unit 42 at Palo Alto Networks have identified a new Linux variant of the Bifrost RAT, with advanced evasion techniques and a fake domain similar to VMware’s. The malware, known for 20 years, now features an ARM version, indicating expansion to new architectures. Although not extremely sophisticated, Bifrost is evolving into a more covert and widespread threat.