New Linux Trojan
Monday, September 12, 2016 @ 07:09 PM gHale
A new Trojan coded in Rust is targeting Linux-based platforms, researchers said.
After finding and infecting the targets, the victim is then falling into a botnet controlled through an IRC channel, said researchers at Dr.Web.
Analysis of the Trojan, detected as Linux.BackDoor.Irc.16, reveals this may be only a proof-of-concept or a testing version in advance to a fully weaponized version.
Right now the Trojan only infects victims, gathers information about the local system and sends it to its C&C server.
The Rust-coded Trojan, also integrates the “irc” Rust library by Aaron Weiss, in order to communicate via the IRC protocol to a remote IRC public channel. Rust is a programming language sponsored by the Mozilla Foundation.
All Trojans that infect a target will automatically connect to this IRC channel and wait for commands.
The hacker in control of this IRC channel can submit a message to the channel’s public chat, and all connected bots will parse this message and execute it.
Support is currently included only for a limited set of commands, which is why Dr.Web researchers think this is malware its developers are still working on.
Researchers said the botnet’s operator can currently only query a bot for its technical specifications, retrieve a list of running processes (apps), and kill the malware, if they want to remove a bot. There’s also support for a feature that updates the Trojan’s source code, but it has not yet undergone full implementation.