New Trojan Turns Linux Devices into Botnet

New Linux Trojan turns infected Linux Devices and websites into P2P botnets and threatens users with DDoS and ransom! — This Trojan is one of its kind!

Linux is considered as one of the most secure operating systems but things seem to be changing as cyber criminals are equipping themselves with the latest tools. That’s why recently, researchers at Doctor Web have discovered a Linux trojan that can turn an infected Linux device and websites into a P2P botnets.

Usually, a malware is designed to infect devices in order to steal financial and personal data but ”Linux.Rex.1” malware has the ability to perform DDoS attacks from the infected device, send malicious messages and distribute itself to others networks.

Must Read: Hackers Compromise the Download Link for Linux Mint with Backdoor

The Linux.Rex.1 malware was first discussed on kernel mode forum where users took it as “Drupal ransomware” but with a passage of time Dr. Web found out the malware can do much more than targeting Drupal-based platforms.

Botnet, spamming, DDoS and ransom:

Once the device is infected, the malware sets it up as a bot and takes instruction from unknown cyber criminals using command and control (C&C) servers. It then distributes itself onto other networks using the same infected device that’s why Dr. Web labeled it as peer-to-peer (P2P) botnet.

A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g. to send spam.

The malware program receives instructions over the HTTPS protocol and sends them to other botnet nodes, if necessary. When commanded by cyber criminals, Linux.Rex.1 starts or stops a DDoS attack on a specified IP address. Other than aforementioned functions this malware also sends spam messages to website owners threatening them with DDoS attacks and pay ransom in Bitcoin in order to avoid attacks, as cited by Dr. Web.

That’s not all, Linux.Rex.1 also carries a  special module within, allowing it to run scans on the infected network for websites based on Drupal, Magento, JetSpeed and WordPress CMS. Dr. Web also noticed that Drupal based websites are a special target of this malware since it has the ability to perform vulnerability scan and using SQL injection to hack websites, upon hacking, the malware makes a clone of the site and distributes itself on further networks.

Dr. Web has labeled the Linux.Rex.1 a serious that for Linux and website users – so watch out for this one folk!

Related: New Linux Malware Installs Bitcoin Mining Software on Infected Device

Remember, in last one month, researchers have discovered an increase in malware solely developed to infect Linux devices. Adwind RAT is already out there in the world targeting not only Linux but also Windows, OS X and Android Devices.

Related Posts