New Linux Trojan

Monday, September 12, 2016 @ 07:09 PM gHale


A new Trojan coded in Rust is targeting Linux-based platforms, researchers said.

After the Trojan finds and infects a target, the victim machine joins a botnet controlled through an IRC channel, said researchers at Dr.Web.


Analysis of the Trojan, detected as Linux.BackDoor.Irc.16, reveals this may be only a proof-of-concept or a testing version in advance of a fully weaponized version.

Right now the Trojan only infects victims, gathers information about the local system and sends it to its C&C server.

The Rust-coded Trojan also integrates the “irc” Rust library by Aaron Weiss to communicate over the IRC protocol with a public channel on a remote IRC server. Rust is a programming language sponsored by the Mozilla Foundation.

All Trojans that infect a target will automatically connect to this IRC channel and wait for commands.

The hacker in control of this IRC channel can submit a message to the channel’s public chat, and all connected bots will parse this message and execute it.

Support is currently included for only a limited set of commands, which is why Dr.Web researchers think the malware is still under development.

Researchers said the botnet’s operator can currently only query a bot for its technical specifications, retrieve a list of running processes (apps), and kill the malware if they want to remove a bot. There’s also support for a feature that updates the Trojan’s source code, but it has not yet undergone full implementation.
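
For defenders, the behaviour described above (an infected host registering with an IRC server, joining a channel and then receiving messages posted to it) can be matched on payload content in captured outbound traffic, whatever port is used. The Python below is an added example, not code from Dr.Web or the original article; the record format, host names, addresses, nickname and channel name are all constructed assumptions.

```python
import re
from collections import defaultdict

# RFC 1459 line: [":" prefix] command [params...] [" :" trailing text]
IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+|\d{3})"
    r"(?P<params>(?: [^:\s]\S*)*)(?: :(?P<trail>.*))?$"
)

def parse_irc(line):
    """Return (command, params, trailing) or None if the line is not IRC-shaped."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    return (m["cmd"].upper(), m["params"].split(), m["trail"]) if m else None

def find_irc_sessions(records):
    """Flag (host, destination) flows that register, join a channel, then listen on it."""
    flows = defaultdict(lambda: {"reg": set(), "channels": set(), "channel_traffic": False})
    for host, dst, direction, line in records:
        parsed = parse_irc(line)
        if parsed is None:
            continue
        cmd, params, _trail = parsed
        flow = flows[(host, dst)]
        if direction == ">" and cmd in ("NICK", "USER"):
            flow["reg"].add(cmd)              # client registration step
        elif (direction == ">" and cmd == "JOIN" and params
              and flow["reg"] == {"NICK", "USER"}):
            flow["channels"].update(c.lower() for c in params[0].split(","))
        elif (direction == "<" and cmd == "PRIVMSG" and params
              and params[0].lower() in flow["channels"]):
            flow["channel_traffic"] = True    # inbound message on a joined channel
    return {key: {"channels": sorted(f["channels"]),
                  "channel_traffic": f["channel_traffic"]}
            for key, f in flows.items() if f["channels"]}

# Constructed sample: (host, destination, direction, payload line).
# ">" is outbound from the monitored host, "<" is inbound to it.
SAMPLE = [
    ("web01", "203.0.113.7:8080", ">", "NICK lx-4f2a"),
    ("web01", "203.0.113.7:8080", ">", "USER lx 0 * :lx"),
    ("web01", "203.0.113.7:8080", "<", ":irc.example.net 001 lx-4f2a :Welcome"),
    ("web01", "203.0.113.7:8080", ">", "JOIN #example"),
    ("web01", "203.0.113.7:8080", "<", ":op!u@h PRIVMSG #example :status"),
    ("db02", "198.51.100.9:80", ">", "GET / HTTP/1.1"),    # not IRC, ignored
    ("mail01", "192.0.2.5:25", ">", "JOIN #example"),      # no registration, ignored
]

if __name__ == "__main__":
    for (host, dst), info in find_irc_sessions(SAMPLE).items():
        print(host, dst, info)
```

On servers where no interactive IRC client is expected, any flow this returns is worth triage; the check does not see inside TLS-wrapped IRC.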