Security News > 2021 > April > Stealthy Linux backdoor malware spotted after three years of minding your business
2021-04-29 23:40
Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.
An MD5 signature for the file systemd-daemon first showed up in VirusTotal back on May 16, 2018 without the detection of any known malware.
Netlab has dubbed the malware family RotaJakiro because it uses encryption with a rotate function and has different behavior depending on whether it's running on a root or non-root account.
The malware makes an effort to conceal itself by using multiple encryption algorithms.
The malware is not an exploit; rather it's a payload that opens a backdoor on the targeted machine.
At least the malware is starting to get noticed by antivirus software.
News URL
Related news
- Researchers unearth two previously unknown Linux backdoors (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)