New stealthy Linux malware used to backdoor systems for years (Security News, April 2021)

A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices.
RotaJakiro is designed to operate as stealthily as possible, obscuring its communication channels with ZLIB compression and a mix of AES, XOR and rotate encryption.
Attackers can use RotaJakiro to exfiltrate system info and sensitive data, manage plugins and files, and execute various plugins on compromised 64-bit Linux devices.
360 Netlab has yet to determine the malware authors' true intent, because it lacks visibility into the plugins the backdoor deploys on infected systems.
All of the command-and-control domains historically used by the malware were registered six years ago, in December 2015.
The two malware strains use the same commands once deployed on compromised systems, and both developers relied on similar construction methods and constants.
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
- New Auto-Color Linux backdoor targets North American govts, universities
- New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers