Advanced infectors: How to make our infector stealthy and hardly detectable

Introduction: In our last post, we saw how to make a simple virus that propagates inside 64-bit ELF files, but we saw at the end that the way we did it was not really stealthy, and the whole point of a malware is to stay hidden so that it is not spotted and removed. To remedy that, we will now use a new technique that won't raise any suspicion when the infected binary is inspected with the readelf command.

Infectors: how to make a simple self-replicating program on Linux.

Introduction: In this post, we will learn how to code a simple ELF infector on Linux. This infector will spread and self-replicate inside the other binaries that it finds. It will get executed when infected binaries are launched so that it can spread even further. The payload will be harmless, just a signature to attest that the binary has been infected. This infector will be very basic and not disguised at all: any reverse engineer could see that a file has been infected by running a simple readelf command (we will get into that later).