The Linux operating system was once known as the most secure OS in the world, but things have changed since security researchers found malware such as Mirai and Bashlite infecting Linux devices and turning them into DDoS botnets. Now, another piece of malware has been discovered targeting Linux.
Dubbed Linux.Proxy.10 by researchers at Dr. Web, the malware has been developed to run a proxy server based on Socket Secure (SOCKS), an Internet protocol that routes network packets between a client and a server through a proxy server. It does so using the freeware source code of the Satanic Socks Server.
According to Dr. Web’s blog post, “To distribute Linux.Proxy.10, cybercriminals log into the vulnerable devices via the SSH protocol, and at the same time the list of devices, as well as the logins and passwords («IP address: login: password») that go with them, are stored on their server.”
When the backdoor is active, the hacker logs onto the infected machine over the SSH protocol and then uses the Linux malware to install the SOCKS5 proxy server.
The Linux.Proxy.10 Trojan takes advantage of Satanic Socks Server’s freeware source code to establish a proxy.
An example of such a list can be seen in the following picture:
Based on its pattern, researchers noted that Linux.Proxy.10 takes over devices that are already infected with other malware or that still have standard settings.
Linux.Proxy.10 also comes with BackDoor.TeamViewer, a Spy-Agent administrator panel and a build of Windows malware from a known family of Trojan spyware.
If you are using a Linux device, make sure to remotely scan your device on a daily basis, change security settings from standard to advanced, and keep an eye on new logins.
Also, encrypt data communication, use Linux security extensions, don't forget to lock user accounts after login failures, disable root login, and, last but not least, configure logging and auditing to collect all hacking attempts.