Security experts have found a new trojan that targets Linux devices. Called Linux.Proxy.10, the trojan can transform infected machines into proxy servers to relay malicious traffic.
The Linux.Proxy.10 trojan is capable of hiding the true origin of attacks. Dr. Web, the security firm that unmasked this trojan, claims that thousands of devices have been infected with it. The operator of the trojan depends on other trojans to compromise target devices. It creates dummy user accounts on the infected device.
The dummy accounts created by the trojan are stored in a list on the attacker’s server. The attacker can parse the list, log into affected devices using SSH and then download malware onto all machines. The malware can also set up a local SOCKS5 proxy server on a list of device ports.
Dr. Web has found the control panel of a SpyAgent computer monitoring software and a build of BackDoor.TeamViewer spyware hosted on the same server where it found the list of devices affected by Linux.Proxy.10. There is a high chance that the creators of the Linux.Proxy malware are involved in other malware campaigns as well.
Users are advised to use the latest Linux kernel on their devices. Also, suspicious applications and programs should be avoided.
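Because the infection chain described above relies on dummy accounts that are later used for SSH logins, a host can be checked for login-capable accounts that are not on a known-good list and for accepted SSH sessions under those names. The following is an added example, not code from Dr. Web or from the original article; the account names, the baseline set and the sample passwd and log lines are constructed assumptions.

```python
import re

# Constructed sample data (not from the article): passwd entries and sshd log lines.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_upd:x:1001:1001::/home/svc_upd:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""
SAMPLE_AUTH_LOG = """\
Jan 24 03:12:01 host sshd[811]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Jan 24 03:14:44 host sshd[902]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 24 03:15:09 host sshd[915]: Accepted password for svc_upd from 203.0.113.7 port 40022 ssh2
Jan 24 03:15:40 host sshd[915]: Accepted publickey for svc_upd from 203.0.113.7 port 40030 ssh2
"""
# Shells that prevent interactive login; an empty shell field defaults to /bin/sh.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
# OpenSSH success line: "Accepted <method> for <user> from <ip> port <n>"
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def login_capable_accounts(passwd_text):
    """Return {name: shell} for passwd entries whose shell permits login."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        name, shell = fields[0], fields[6].strip()
        if shell not in NOLOGIN_SHELLS:
            accounts[name] = shell
    return accounts

def audit(passwd_text, auth_log_text, baseline):
    """Map each login-capable account missing from the baseline (hypothetical
    known-good set) to its accepted SSH logins as (source_ip, method) tuples."""
    unknown = {n for n in login_capable_accounts(passwd_text) if n not in baseline}
    findings = {name: [] for name in sorted(unknown)}
    for line in auth_log_text.splitlines():
        m = ACCEPTED.search(line)
        if m and m.group(2) in findings:
            findings[m.group(2)].append((m.group(3), m.group(1)))
    return findings

if __name__ == "__main__":
    for user, logins in audit(SAMPLE_PASSWD, SAMPLE_AUTH_LOG, {"root", "alice"}).items():
        print(f"unexpected account {user}: accepted SSH logins {logins}")
```

On a real host the two text inputs would come from `/etc/passwd` and the sshd authentication log, and the baseline from the accounts the administrator provisioned.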
Why don’t the Internet of shiT vendors employ people who understand Unix security?