Linux is considered as one of the most secure operating systems — However, there’s a trojan attacking specifically those on Linux.
The anti-virus makers found this Trojan in October but at that time they weren’t sure on how it works and how dangerous it could be for the users.
What Dr.Web discovered in two months was that the Trojan was initially developed for only Linux SPARC architectures but is wasn’t long before an upgraded version was developed by the hackers which targeted Linux PCs running on intel chips, on both 32 bit and 54-bit architectures.
The Trojan itself is very simple but very difficult to detect as it uses an encryption configuration file (via the XOR algorithm). In some instances, researchers found the Trojan getting connected to the C&C server through a proxy which helped its main server to remain anonymous.
Though, the Trojan on its own can’t do much but if its operator wants to go for a full compromise of the system he can do it.
Here are the main operations of the Trojan:
The trojan downloads files from its C&C server, uploads files to the C&C server and execute commands on the local shell.
Many analysts believe Rebooke is a harmless Trojan which is true, but its simple design allows the attacker to maneuver the type of attacks which can allow them to deliver powerful payloads on the systems.
What’s the most troubling part of this Trojan is that its developers are more focused on making the Trojan secured rather then what functions it can carry out. Meaning even if the Trojan is once identified by the security system, doesn’t mean it can always as developers know how to make it more secure and as of now most of the anti-virus products will fail to detect this Trojan with it using encryption for its configuration file.
While giving out the curing recommendations, Dr.Web revealed that this Trojan may also be targeting Android, Mac OS X and Windows.
This is not the first time when cyber criminals are targeting Linux users. Just last month the security researchers discovered a sophisticated Ransomware scam targeting Linux OS.