Linux Backdoor Discovered That Went Unnoticed For Three Years

The Chinese security research team Qihoo 360 Netlab has identified a Linux backdoor that went undetected for three years.

The backdoor was discovered while analyzing suspicious traffic from a system process that had been identified during an investigation into the structure of a botnet used for a DDoS attack. Before that, RotaJakiro had gone unnoticed for three years: the earliest VirusTotal submissions of files whose MD5 hashes match the detected malware date back to May 2018.

The malware conceals its activity with encryption and compression and uses program names that closely resemble those of standard Linux system programs. The names differ depending on whether RotaJakiro is running as root or as a regular user.

The malware is not an exploit; rather, it is a payload that opens a backdoor on the target machine. It can be installed by an unsuspecting user, an attacker, or through a Trojan dropper.

At the moment, the researchers do not fully understand everything the malware does, but they have so far identified 12 functions, including ones for extracting and stealing data, managing files and plugins, and transmitting information about the device.
