According to cybersecurity company Intezer, the malware’s name comes from one of the filenames used to temporarily store the output of executed commands ("/tmp/.orbit").
The malware works similarly to Symbiote in that it is designed to infect all of the running processes on the affected PCs. But in contrast to Symbiote, which uses the LD_PRELOAD environment variable to load the shared object, OrBit uses two separate approaches.