January 25, 2017
A new Trojan has been discovered in the wild that turns Linux-based devices into proxy servers, which attackers use to protect their identity while launching cyber attacks from the hijacked systems.
Dubbed Linux.Proxy.10, the Trojan was first spotted at the end of last year by researchers from Russian security firm Doctor Web, who later identified thousands of compromised machines by the end of January this year. The campaign is still ongoing and hunting for more Linux machines.
According to researchers, the malware itself doesn’t include any exploitation module to hack into Linux machines; instead, the attackers use other Trojans and techniques to compromise devices in the first place and then create a new backdoor login account with the username “mother” and the password “fucker.”
Once a device is backdoored and the attacker has the list of all successfully compromised Linux machines, the attacker logs into them via the SSH protocol and installs the SOCKS5 proxy server on them using the Linux.Proxy.10 malware.
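A defender can check a host for the two traces described above: the backdoor account and SSH logins made with it. The following is an added example, not code from Doctor Web or from this article; it assumes the standard `/etc/passwd` layout and the usual OpenSSH `Accepted ... for ...` log line, the function names are hypothetical, and the sample data is constructed.

```python
import re

# Indicator from the article: the backdoor login account name.
BACKDOOR_USER = "mother"

# OpenSSH sshd log line for a successful login (assumed standard format).
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def find_backdoor_account(passwd_text, user=BACKDOOR_USER):
    """Return the parsed passwd entry for `user`, or None if absent."""
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[0] == user:
            return {"user": fields[0], "uid": int(fields[2]),
                    "home": fields[5], "shell": fields[6]}
    return None

def find_backdoor_logins(auth_log_text, user=BACKDOOR_USER):
    """Return (source_ip, auth_method) for each accepted SSH login as `user`."""
    hits = []
    for line in auth_log_text.splitlines():
        m = ACCEPTED.search(line)
        if m and m.group("user") == user:
            hits.append((m.group("ip"), m.group("method")))
    return hits

# Constructed sample data (not from a real host); IPs are documentation ranges.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
mother:x:1001:1001::/home/mother:/bin/sh
"""
SAMPLE_AUTH_LOG = """\
Jan 24 03:11:02 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 24 03:11:09 host sshd[2214]: Accepted password for mother from 203.0.113.7 port 40130 ssh2
Jan 24 09:30:41 host sshd[3120]: Accepted publickey for admin from 198.51.100.4 port 51514 ssh2
Jan 24 23:58:17 host sshd[4402]: Accepted password for mother from 192.0.2.55 port 33218 ssh2
"""

if __name__ == "__main__":
    print("account:", find_backdoor_account(SAMPLE_PASSWD))
    for ip, method in find_backdoor_logins(SAMPLE_AUTH_LOG):
        print(f"accepted {method} login as {BACKDOOR_USER} from {ip}")
```

On a real system the two functions would be fed the contents of the host's passwd file and its sshd authentication log; a hit on either is a reason to treat the machine as compromised by whatever Trojan created the account.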
This Linux malware is not at all sophisticated since it uses a freeware source code of the Satanic Socks Server to set up a proxy.
According to the security firm, thousands of Linux-based devices have already been infected with this new Trojan.
This is not the first time such Linux malware has been discovered.
Over a year ago, ESET security researchers uncovered similar malware, dubbed Moose, that also had the capability to turn Linux devices into proxy servers that were then used for launching armies of fake accounts on social media networks, including Instagram and Twitter.