New Malware Tactic Utilizes Emulated Linux Environments
A new malware tactic uses emulated Linux environments for covert attacks. Attackers are distributing a custom QEMU-emulated Linux environment through a malicious .lnk file delivered in phishing emails; when the file is executed, it installs a Tiny Core Linux backdoor. This method gives the attacker persistent access to the victim’s machine while remaining undetectable by most antivirus tools. The emulated environment facilitates secure communication with a command-and-control server, enabling encrypted data exfiltration and further payload deployment.
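Because the backdoor runs inside an emulator, one host-side signal is the QEMU process itself. The following detection sketch is an added example, not code from the article or from any vendor report. It assumes Sysmon-style process-creation fields (Image, CommandLine, ParentImage); the path patterns, parent list and thresholds are illustrative assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumed heuristics, not details from the article. Field names follow
# Sysmon process-creation events; all patterns below are illustrative.
QEMU_NAME = re.compile(r"^qemu-system-[\w.-]+\.exe$", re.I)
QEMU_OPTS = re.compile(r"(?<!\S)-(m|hda|drive|netdev|nographic|kernel|initrd)\b", re.I)
USER_WRITABLE = re.compile(r"\\(users|programdata|windows\\temp)\\", re.I)
HEADLESS = re.compile(r"(?<!\S)-(nographic|display\s+none)\b", re.I)
SHELL_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}

def looks_like_qemu(event):
    """True if the file name or the option set on the command line is QEMU's."""
    name = ntpath.basename(event.get("Image", ""))
    opts = {o.lower() for o in QEMU_OPTS.findall(event.get("CommandLine", ""))}
    return bool(QEMU_NAME.match(name)) or len(opts) >= 3

def qemu_findings(event):
    """Return the reasons a QEMU process-creation event deserves triage."""
    if not looks_like_qemu(event):
        return []
    image, reasons = event.get("Image", ""), []
    if not QEMU_NAME.match(ntpath.basename(image)):
        reasons.append("QEMU options on a binary with a non-QEMU file name")
    if USER_WRITABLE.search(image):
        reasons.append("runs from a user-writable directory")
    if HEADLESS.search(event.get("CommandLine", "")):
        reasons.append("started without a display window")
    if ntpath.basename(event.get("ParentImage", "")).lower() in SHELL_PARENTS:
        reasons.append("launched by a shell or script host")
    return reasons

def is_suspicious(event, threshold=2):
    return len(qemu_findings(event)) >= threshold

# Constructed sample events, not real telemetry.
SAMPLES = [
    {"Image": r"C:\Users\alice\data\vmhost.exe",
     "CommandLine": "vmhost.exe -m 256M -nographic -drive file=disk.img -netdev user,id=n0",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
     "CommandLine": "qemu-system-x86_64.exe -m 2G -cdrom installer.iso",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(ev["Image"], "->", qemu_findings(ev) or "no findings")
```

On hosts where virtualization software is not expected at all, any event that passes `looks_like_qemu` is worth reviewing regardless of the score.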