A new Linux trojan has emerged to create peer-to-peer (P2P) botnets directly on your system. This malware was initially spotted a Drupal ransomware to affect some old websites.
Stromshield and Dr. Web teams have found that trojan Linux.Rex.1, written in Go language, attacks web servers that are based on an open source CMS such as Drupal, WordPress and Magento among others using CVE-2014-3704 SQL Injection vulnerability. Researchers at antivirus company Dr. Web moved a step further and reported that the malware program searches for network hardware with AirOS and then exploits its known vulnerabilities to access confidential user lists, private SSH keys and login credentials.
The trojan can exist as a botnet on a Linux device to develop a network of private computers infected without the knowledge of its owner and send spam email messages to website owners. It can also distribute itself and replicates on the server.
Dr. Web claims that all its anti-malware and antivirus solutions can detect and remove Linux.Rex.1 from Linux systems. However, a patch to fix the vulnerability is yet to be revealed.