A Simple And Efficient Linux Backdoor Trojan Discovered

This simple Linux trojan lets cybercriminals take control of your Linux machine and execute commands on it

Linux computers, which were once thought to be malware- and virus-proof, are being targeted by malware on a regular basis.

Malware researchers at the Russian security firm Dr.Web have identified a new Trojan for Linux devices that takes screenshots and logs keystrokes. According to the researchers, there are signs that the Linux spyware, labelled Linux.BackDoor.Xunpes.1, consists of two sections.

Written in Free Pascal, the dropper component is tasked with infecting computers and downloading the second component, the main body of the backdoor trojan coded in C, which is also the actual malware payload.

While the dropper is quite common and was used for other malware families, the backdoor component includes support for quite a few commands despite its very small size.

Once the trojan has infected a computer, the malware author can send over 40 different types of commands to the infected host. All commands are sent through a C&C (command and control) server, which allows the backdoor’s owner to remain semi-anonymous.

After an analysis of the trojan’s source code, Dr.Web security researchers said that the commands Linux.BackDoor.Xunpes can perform include the following:

• Download other files
• Launch files into execution
• Copy files
• Rename files
• Delete files
• Create folders
• Delete folders
• Run bash commands
• Simulate keystrokes
• Log keystrokes
• Upload keylogger files to a server
• Take a screenshot of the desktop
• Upload screenshots to a server
• Spy on the status of open sockets
• End communications
• Turn itself off

A similar trojan named Linux.Ekocms.1 was found last week and caused quite a stir. The Linux.Ekocms.1 trojan is one of the first pieces of Linux malware to include special features that allow it to take screenshots and record audio.

If this is not enough, there is also the Linux.Encoder ransomware, which has been scaring server admins for the past few weeks. However, the good news is that Bitdefender researchers have managed to crack the ransomware time and time again.

To the trojans listed above, we also need to add the Linux.Rekoobe trojan and the XOR DDoS malware, both of which target Linux machines only.

Gone are the days when Linux users thought that their operating system was superior or somehow impenetrable to malware; now they have to face the cold hard truth. When it came to security, Linux was never “magically” invulnerable. Also, with the increasing popularity of the operating system, malware authors will concentrate more of their energy on this valuable OS.