A new Trojan dubbed Linux.Proxy.10 is targeting Linux-based devices transforming them into proxy servers that are used by attackers to protect their anonymity while launching cyber attacks from the hacked systems.
Linux.Proxy.10 was first discovered by researchers at the antivirus firm Doctor Web at the of 2016, the malware compromised thousands of machines and according to the experts the malicious code is still spreading.
“The Trojan, used by cybercriminals to infect numerous Linux network devices, has been named Linux.Proxy.10.” states the report published by Rr. Web. “As the name of this malicious program suggests, it is designed to run a SOCKS5 proxy server on the infected device on the basis of the freeware source code of the Satanic Socks Server. Cybercriminals use this Trojan to ensure that they remain anonymous online.”
The malware doesn’t include any module to hack into Linux systems, according to the experts the attackers use other Trojans and techniques to compromise devices and establish a new backdoor login account with username as “mother” and password as “fucker.”
Once installed the backdoor the attacker logs into a compromised device via SSH protocol and installs the SOCKS5 proxy server using the Linux malware on it.
This Linux.Proxy.10 malware leverages on the freeware source code of the Satanic Socks Server to setup a proxy.
The researchers at the Doctor Web discovered one of the servers used to distribute the Linux.Proxy.10, it was containing the lists of vulnerable devices along with a Spy-Agent administrator panel and a build of the BackDoor.TeamViewer Windows malware.
Linux users and administrators are recommended to limit or completely disable remote root access via SSH, and monitor the newly generated login users to discover any evidence of infection.
[adrotate banner=”9″]
(Security Affairs – Linux malware, Linux.Proxy.10)
CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported…
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025,…
A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI…
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including…
Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign…
This website uses cookies.