A Simple And Efficient Linux Backdoor Trojan Discovered

This simple Linux trojan lets cybercriminals take control and execute command on your Linux machine

Linux computers, which was thought to malware and virus proof are being targeted by malware on a regular basis.

Malware researchers at a Russian security firm, Dr Web have identified a new Trojan for Linux devices that takes screenshots and logs keystrokes. According to researchers at Dr Web, there are signs that suggest that the Linux spyware, labelled Linux.BackDoor.Xunpes.1 consists of two sections.

Written in Free Pascal, the dropper component is tasked with infecting computers and downloading the second component, the main body of the backdoor trojan coded in C, which is also the actual malware payload.

While the dropper is quite common and was used for other malware families, the backdoor component includes support for quite a few commands despite its very small size.

The malware author can send over 40 different types of commands to any infected host once it has infected the computer. All commands are sent through a C&C (command and control) server, which allows the backdoor’s owner to remain semi-anonymous.

After an analysis of the trojan’s source code, Dr.Web security researchers said that some of the following commands can be performed by Linux.BackDoor.Xunpes:

• Download other files
• Launch files into execution
• Copy files
• Rename files
• Delete files
• Create folders
• Delete folders
• Run bash commands
• Simulate keystrokes
• Log keystrokes
• Upload keylogger files to a server
• Take a screenshot of the desktop
• Upload screenshots to a server
• Spy on the status of open sockets
• End communications
• Turn itself off

A similar trojan named Linux.Ekocms.1 was found last week that caused quite a stir. The Linux.Ekocms.1 trojan is one of the first Linux malware pieces that includes special features that allows it to take screenshots and record audio.

If this is not enough, there is also the Linux.Encoder ransomware which for the past few weeks has been scaring server admins. However, the good news is that Bitdefender researchers have managed to crack the ransomware time and time again.

To the above listed trojan, we need to also add the the Linux.Rekoobe trojan and the XOR DDoS malware, that target Linux machines only.

Gone are the days when Linux users thought that their operating system was superior or somehow impassable by malware, now they have to face the cold hard truth. When it came to security, Linux was never “magically” invulnerable. Also, with the increasing popularity of their operating system, malware authors will concentrate more of their energies on their valuable OS.

5 COMMENTS

  1. “Gone are the days when Linux users thought that their operating system was superior or somehow impassable by malware, now they have to face the cold hard truth.”
    You sound like a ticked off Mac user, who’s recently realized similarly about Mac, when writing that. If anything, Linux users are the most aware of security, sure — but that doesn’t mean they think they’re invulnerable (most of them, anyway — humans are humans, and some let it get to their heads). The server admins in particular are painfully aware that software has to be kept up to date precisely due to vulnerabilities. Like security experts will tell you — there’s no “safe”, only “safer”.
    And, y’know, disconnecting from the Internet + not plugging anything in.

  2. the other comment beat me to it. I was thinking, maybe at some point in your life, someone who valued Linux was an asshole to you…

    also, you’ve gotta install this malware yourself to become infected… that’s not a linux weakness, that’s a user weakness. You can dislike linux, and linux users for whatever reasons you like, but it’s not healthy to spread hate.

  3. It’s just a supply and demand thing. With more and more Linux machines in supply to be hacked the demand to hack or create malware rises. With more and more people switching to Linux based OSs it makes them a bigger target. It seems that good ole microshaft and crapintosh are getting a run for their money in the malware business well maybe not so much mac.

  4. Any security vulnerabilities are due to the os designers bloating their software with too many things, And never fully testing the security of any of it. An experienced Linux user knows whats not secure and refuses to use it.
    However we all have our lazy days, When we just want to turn the thing on and browse the web or play a game, And bam your hit with usually badly written software which opens up a hole somewhere.
    I never did believe that any OS could be totally secure, But in a comparison to my windows computers. Windows is lucky to last a few months without killing itself, Or catching a virus. Linux on the other can last for many years without either happening. It all depends on the user, And sometimes just sheer luck.
    Aside from all of that, It sure would be nice if we lived in a world where the antivirus companies werent the ones creating the viruses just to sell their product.

  5. Most governments, armies, navy, etc. use some form of Linux. NSA even created SELinux, there must be some security advantage to it.

    I think the advantages are:
    – Most Linux distributions use packages, repositories and usually you don’t need to download things.
    – Linux users never run any executable without being sure that it’s secure. Executables need the execute permission to run. You are less likely to get infected by opening a document/image.
    – Linux users have a strong preference for Open Source apps and strong dislike for closed ones.
    – Linux users actually run with limited privileges most of the time, Ubuntu actually disables the root user.

    Linux could be even more secure with:
    – More strict memory protection, it’s already really good.
    – Things like SELinux and similar enabled by default with minimal permissions. Any app must have minimal permissions by default.
    – Maybe it’s time for binary rules and validation like Google’s NaCl.

    Linux is probably the most secure OS out there and it’s getting even more secure.
    Linux users are the most security aware and tend to have a defensive behavior.
    Unless there’s a critical vulnerability in a Linux service la Apache, NGINX or SSH, you are mostly safe.
    There are few reasons why a Linux server would ever have anything exposed with the exception of the webserver and SSH.

LEAVE A REPLY

Please enter your comment!
Please enter your name here