Auto-Color: An Emerging and Evasive Linux Backdoor

Released on 2025-02-25 @ 02:46:32 AM

Auto-color is a newly discovered Linux malware that employs sophisticated evasion techniques. It renames itself to benign-looking filenames, hides remote C2 connections using advanced methods similar to those of the Symbiote malware, and uses proprietary encryption for communication. The malware installs a malicious library implant to intercept system calls and conceal its network activity. It provides threat actors with full remote access to compromised machines and is difficult to remove. Auto-color primarily targets universities and government offices in North America and Asia. The malware's C2 protocol includes a simple handshake and encrypted messages for issuing commands. Its capabilities include file operations, network proxying, and creating reverse shells.