Stealthy Linux backdoor malware spotted after three years of minding your business

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.
An MD5 signature for the file systemd-daemon first showed up in VirusTotal back on May 16, 2018, without being detected as any known malware.
Netlab has dubbed the malware family RotaJakiro because it uses encryption with a rotate function and has different behavior depending on whether it's running on a root or non-root account.
The malware makes an effort to conceal itself by using multiple encryption algorithms.
The malware is not an exploit; rather it's a payload that opens a backdoor on the targeted machine.
At least the malware is starting to get noticed by antivirus software.