Security experts have found a new trojan that targets Linux devices. Called Linux.Proxy.10, the trojan can transform infected machines into proxy servers to relay malicious traffic.
The Linux.Proxy.10 trojan is capable of hiding the true origin of attacks. Dr. Web, the security firm who unmasked this trojan, claims that thousands of devices have infected with this trojan. The operator of the trojan is dependent on other trojans to compromise target devices. It creates dummy user accounts on the infected device.
The dummy accounts created by the trojan are stored in a list on attacker’s server. The attacker can parse the list, log into affected devices using SSH and then download malware on all machines. The malware can also setup a local SOCKS5 proxy server on a list of device ports.
Dr. Web has found the control panel of a SpyAgent computer monitoring software and a build of BackDoor.TeamViewer spyware hosted on the same server where he found the list of devices affected by Linux.Proxy.10. There are high chances that the creators of Linux.Proxy malware are involved in other malware campaigns as well.
Users are advised to use the latest Linux kernel on their devices. Also, suspected applications and programs should be avoided.