(Security Affairs – Linux.BackDoor.Irc.16, Linux Trojan)
It is a prolific period for Vxers working on Linux Trojan, a new strain was recently spotted by experts from Doctor Web. The new Linux Trojan has been named Linux.BackDoor.Irc.16 and is written in the Rust programming language.Rust is a general-purpose, multi-paradigm, compiled programming language promoted by Mozilla Research. It is designed to be a “safe, concurrent, practical language.”
“Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. “
“Unlike the majority of its counterparts, Linux.BackDoor.Irc.16 is written in Rust, a programming language whose creation was sponsored by Mozilla Research. ” reported Dr. Web in a blog post.
The Linux.BackDoor.Irc.16 Linux Trojan implements the features of a classical backdoor that allow attackers to remotely control the infected system by sending it via the IRC (Internet Relay Chat) protocol.
Once the Linux Trojan is executed it connects to a specific public chat channel that is indicated in its configuration, then it waits for commands.
According to malware researchers from DrWeb, the Linux Trojan is able to execute just four commands:
The experts spotted a first stable version in 2015, according to Dr Web, the Linux.BackDoor.Irc.16 backdoor was designed to be a cross-platform malware. The experts who have analyzed the threat speculate it is a prototype for an ongoing project, they noticed in fact that it Linux Trojan is not able to replicate itself and the IRC channel used as C&C infrastructure are no more active.
“Doctor Web’s analysts believe that Linux.BackDoor.Irc.16 is, in fact, a prototype (Proof of Concept), because it cannot replicate itself, and the IRC channel used by the Trojan to receive commands from cybercriminals is not currently active.” reported Dr Web.
Recently other Linux malware were spotted in the wild by security experts such as the Linux.Rex.1 that is capable of self-spreading and create a peer-to-peer botnet and Linux.Lady that is used by crooks to mine cryptocurrency.
[adrotate banner=”9″]
(Security Affairs – Linux.BackDoor.Irc.16, Linux Trojan)
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.