Several thousand Linux devices infected with the Linux.Proxy.10 Trojan

According to the security firm Dr. Web , thousands of Linux-based devices have already been infected with the Linux.Proxy.10 Trojan.

A new Trojan dubbed Linux.Proxy.10 is targeting Linux-based devices transforming them into proxy servers that are used by attackers to protect their anonymity while launching cyber attacks from the hacked systems.

Linux.Proxy.10 was first discovered by researchers at the antivirus firm Doctor Web at the of 2016, the malware compromised thousands of machines and according to the experts the malicious code is still spreading.

“The Trojan, used by cybercriminals to infect numerous Linux network devices, has been named Linux.Proxy.10.” states the report published by Rr. Web. “As the name of this malicious program suggests, it is designed to run a SOCKS5 proxy server on the infected device on the basis of the freeware source code of the Satanic Socks Server. Cybercriminals use this Trojan to ensure that they remain anonymous online.”

The malware doesn’t include any module to hack into Linux systems, according to the experts the attackers use other Trojans and techniques to compromise devices and establish a new backdoor login account with username as “mother” and password as “fucker.”

Once installed the backdoor the attacker logs into a compromised device via SSH protocol and installs the SOCKS5 proxy server using the Linux malware on it.

This Linux.Proxy.10 malware leverages on the freeware source code of the Satanic Socks Server to setup a proxy.

The researchers at the Doctor Web discovered one of the servers used to distribute the Linux.Proxy.10, it was containing the lists of vulnerable devices along with a Spy-Agent administrator panel and a build of the BackDoor.TeamViewer Windows malware.

Linux.Proxy.10

Linux users and administrators are recommended to limit or completely disable remote root access via SSH, and monitor the newly generated login users to discover any evidence of infection.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Linux malware, Linux.Proxy.10)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.