Security News > 2021 > April > New stealthy Linux malware used to backdoor systems for years
A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices.
RotaJakiro is designed to operate as stealthy as possible, encrypting its communication channels using ZLIB compression and AES, XOR, ROTATE encryption.
Attackers can use RotaJakiro to exfiltrate system info and sensitive data, manage plugins and files, and execute various plugins on compromised 64-bit Linux devices.
360 Netlab is yet to discover the malware creators' true intent for their malicious tool due to lack of visibility when it comes to the plugins it deploys on infected systems.
Command-and-control servers historically used by the malware have domains registered six years ago, in December 2015, all of them.
The two malware strains use the same commands after being deployed on compromised systems, similar construction methods and constants used by both developers.
News URL
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Researchers unearth two previously unknown Linux backdoors (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- Chinese hackers target Linux with new WolfsBane malware (source)