
Stealthy RotaJakiro Backdoor Targeting Linux Systems
2021-04-30 00:54

Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems.

Investigation revealed the backdoor malware, which the researchers named RotaJakiro because, they say, "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."

The malware supports 12 functions, three of which involve specific plug-ins that are downloaded from the C2s. The researchers have not managed to access any of the plug-ins, so cannot comment on their purpose.

The functions built into the malware can be categorized as collecting device information, stealing sensitive information, and managing the plug-ins.

The stealthy nature of the malware is partly down to its rotation through various encryption algorithms while communicating with its C2 servers. "At the coding level," say the researchers, "RotaJakiro uses techniques such as dynamic AES, double-layer encrypted communication protocols to counteract the binary & network traffic analysis."

The second stage can execute commands from the C2 server, while the malware also includes simple anti-debugging techniques, data exfiltration, multi-level encryption of communication, and other capabilities.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/map9jXPrK3o/stealthy-rotajakiro-backdoor-targeting-linux-systems
