Linux, the open-source operating system, was once considered the most secure OS in the world, but things have changed quite a bit since security researchers found malware such as Bashlite and Mirai infecting Linux devices and turning them into DDoS botnets. Now a new piece of malware has been found targeting Linux.
Researchers at Dr Web have dubbed it Linux.Proxy.10. The malware was developed to run a Socket Secure (SOCKS) proxy server built from the freeware source code of the Satanic Socks Server. SOCKS is an Internet protocol that routes network packets between a client and a server through a proxy server.
According to Dr Web's blog post, “To distribute Linux.Proxy.10, cybercriminals log into vulnerable devices via the SSH protocol, and at the same time the list of devices, as well as the logins and passwords («IP address: login: password») that go with them, is stored on the server they own.” An example of such a list can be found in the following picture:
Based on this pattern, the researchers noted that Linux.Proxy.10 takes over devices that are already infected by other malware or that still use the standard settings. Linux.Proxy.10 also comes with BackDoor.TeamViewer, a Spy-Agent administrator panel and a build of Windows malware from a known family of Trojan spyware.
If you are a Linux administrator, make sure to remotely scan your device on a daily basis, change security settings from standard to advanced, and keep an eye on new logins. Also encrypt data communication, use Linux security extensions, lock user accounts after login failures, disable root login and, last but not least, configure logging and auditing to collect all hacking attempts.
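To illustrate the advice above about watching new logins and recording failed attempts, the following Python is an added example, not code from Dr Web's report or from the original article. It scans sshd log lines for password logins as root and for successful logins that follow repeated failures from the same source; the log lines are constructed samples, and the function name and the failure threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not taken from a real host).
SAMPLE_LOG = """\
Jan 24 03:11:02 gw sshd[911]: Failed password for invalid user admin from 203.0.113.7 port 51230 ssh2
Jan 24 03:11:04 gw sshd[911]: Failed password for root from 203.0.113.7 port 51231 ssh2
Jan 24 03:11:07 gw sshd[913]: Failed password for root from 203.0.113.7 port 51232 ssh2
Jan 24 03:11:09 gw sshd[915]: Accepted password for root from 203.0.113.7 port 51233 ssh2
Jan 24 08:30:41 gw sshd[1200]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Jan 24 09:02:13 gw sshd[1310]: Failed password for bob from 192.0.2.15 port 40100 ssh2
Jan 24 09:02:20 gw sshd[1310]: Accepted password for bob from 192.0.2.15 port 40100 ssh2
"""

# Matches both "Failed password for root ..." and "... for invalid user admin ...".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_suspicious_logins(log_text, max_failures=3):
    """Return alerts for root password logins and logins that follow a run of failures.

    max_failures is an assumed threshold; tune it to the host's normal traffic.
    """
    failures = defaultdict(int)  # source IP -> failed attempts since last success
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        reasons = []
        if user == "root" and m["method"] == "password":
            reasons.append("root password login")
        if failures[ip] >= max_failures:
            reasons.append(f"{failures[ip]} failures before success")
        if reasons:
            alerts.append((ip, user, reasons))
        failures[ip] = 0  # a success resets the counter for that source
    return alerts

if __name__ == "__main__":
    for ip, user, reasons in find_suspicious_logins(SAMPLE_LOG):
        print(f"ALERT {user}@{ip}: {', '.join(reasons)}")
```

On a real host the same function can be fed the contents of the sshd log (for example `/var/log/auth.log` on Debian-based systems) instead of the embedded sample.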