Security researchers have discovered a new Trojan, named Linux.Proxy.10, that targets Linux devices and turns infected machines into proxy servers that relay malicious traffic. It was first spotted at the end of last year by malware researchers from the Russian security firm Doctor Web, who later identified several thousand Linux devices infected with this new Linux-based Trojan. The campaign is still ongoing and hunting for more Linux systems.
Linux.Proxy.10 is used as second-stage malware
The Trojan itself does not include any features to infect or compromise devices. According to the researchers, it contains no exploitation module; instead, the attackers use other techniques to compromise the machine in the first place and then create a new backdoor login account with ‘mother’ as the username and ‘fucker’ as the password. Once the account is created, the details are reported back to the crooks’ server, which saves them in a list. The malware infects network devices running Linux, turning them into a platform for cyber crime that lets the crooks remain anonymous online. The black hats run freeware code called the Satanic Socks Server on infected devices.
The actors behind Linux.Proxy.10 are involved in other malware campaigns
According to Dr. Web, the server where they found the list of devices with username and password combos also hosted the control panel of the Spy Agent computer monitoring software and a Windows build of the BackDoor.TeamViewer spyware. Taking into account that the malware was found on thousands of devices, the malware authors are using it to rent out access to their network. In the past, other Linux malware families, such as LuaBot, NyaDrop, and Moose, were used to turn infected hosts into proxy servers and relay malicious traffic.
Over a year ago, ESET security researchers uncovered Moose, which had the capability to turn Linux devices into proxy servers that were then used to launch armies of fake accounts on social media networks such as Twitter and Instagram.
Linux users and administrators are recommended to tighten SSH security by limiting or disabling remote root access via SSH. To find out whether a system has already been compromised, keep a regular watch on newly created login users.
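The following Python example, added here and not part of the original article or Doctor Web's report, compares passwd-format data against a known-good account list and flags new login-capable accounts as well as the backdoor username reported above. The baseline set, the sample entries and the function names are constructed for illustration.

```python
"""Audit passwd-format data for login accounts added since a known-good baseline."""

# Username of the backdoor account reported in the article above.
REPORTED_BACKDOOR_USERS = {"mother"}
# Shells that mean the account cannot log in interactively.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry: skip it rather than crash
        yield fields[0], int(fields[2]), fields[6]


def audit(passwd_text, baseline_users):
    """Return sorted (username, reason) findings for suspicious accounts."""
    findings = []
    for name, uid, shell in parse_passwd(passwd_text):
        can_login = shell not in NOLOGIN_SHELLS  # empty shell field means /bin/sh
        if name in REPORTED_BACKDOOR_USERS:
            findings.append((name, "matches reported backdoor username"))
        elif name not in baseline_users and can_login:
            findings.append((name, f"new login account (uid={uid}, shell={shell})"))
    return sorted(findings)


# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
mother:x:1001:1001::/home/mother:/bin/sh
svc-backup:x:1002:1002::/home/svc-backup:/bin/bash
newdaemon:x:130:140::/nonexistent:/usr/sbin/nologin
"""
BASELINE = {"root", "daemon", "sshd", "alice"}  # constructed known-good list

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_PASSWD, BASELINE):
        print(f"ALERT {user}: {reason}")
```

On a real host, pass the contents of /etc/passwd and a baseline saved when the system was known to be clean.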