The security company ESET has discovered a new strain of malware that targets Linux devices. The malware can hand attackers full control of the affected device, leaving the door open to many other malicious actions, such as DDoS attacks.
The new malware has been named Rakos and is used to attack embedded devices and servers that have the SSH port open. When it finds an open SSH port, it uses brute-force attacks to guess the password.
ESET says the creators of Rakos want to infect as many systems as possible in order to build a botnet they can use for other malicious activity, such as DDoS attacks or spam distribution.
The attackers begin by scanning a predefined set of IP addresses. Machines with very weak passwords are most at risk, because brute-force attacks against long, complex passwords take far longer.
Once it has gained access to the victim's Linux device, Rakos starts a local HTTP service, reachable at http://127.0.0.1:61314, which serves two purposes.
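The scanning and password guessing described above leaves a loud trail in the victim's SSH logs. The following script is an added example (not ESET's tooling and not part of the original article): it reads auth.log-style sshd lines, counts failed logins per source address inside a sliding time window, and flags sources that exceed a threshold. The log lines, hostnames and addresses are constructed for the example.

```python
"""Flag SSH brute-force sources in auth.log-style sshd lines.

Added example, not from ESET's report: a Rakos-style scanner produces many
"Failed password" lines from one source in a short time, which is what this
sliding-window counter looks for.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH writes one "Failed password" line per rejected attempt, with or
# without the "invalid user" marker depending on whether the account exists.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_ts(ts, year=2016):
    """Syslog timestamps carry no year; the constructed sample is Dec 2016."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_bruteforcers(lines, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "users": [...]}} for every source that
    produced at least `threshold` failed logins within `window_seconds`.
    `failures` is the largest count seen inside one window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    users = defaultdict(set)      # ip -> account names tried
    flagged = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, t = m.group("ip"), parse_ts(m.group("ts"))
        q = recent[ip]
        q.append(t)
        while (t - q[0]).total_seconds() > window_seconds:
            q.popleft()                       # drop failures outside the window
        users[ip].add(m.group("user"))
        if len(q) >= threshold:
            flagged[ip] = max(len(q), flagged.get(ip, 0))
    return {ip: {"failures": n, "users": sorted(users[ip])} for ip, n in flagged.items()}


# Constructed sample: one scanner guessing common accounts, one legitimate
# login, and one isolated typo from a real user.
SAMPLE_LOG = """\
Dec 20 10:00:01 srv sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Dec 20 10:00:03 srv sshd[2103]: Failed password for root from 192.0.2.10 port 40124 ssh2
Dec 20 10:00:04 srv sshd[2105]: Failed password for invalid user admin from 192.0.2.10 port 40126 ssh2
Dec 20 10:00:06 srv sshd[2107]: Failed password for invalid user pi from 192.0.2.10 port 40128 ssh2
Dec 20 10:00:09 srv sshd[2109]: Failed password for root from 192.0.2.10 port 40130 ssh2
Dec 20 10:00:11 srv sshd[2111]: Failed password for invalid user ubnt from 192.0.2.10 port 40132 ssh2
Dec 20 10:00:15 srv sshd[2113]: Accepted password for alice from 203.0.113.5 port 50210 ssh2
Dec 20 10:03:40 srv sshd[2120]: Failed password for bob from 198.51.100.7 port 50300 ssh2
Dec 20 10:30:00 srv sshd[2130]: Failed password for root from 192.0.2.10 port 40200 ssh2
""".splitlines()

if __name__ == "__main__":
    import sys
    # Pass a real auth.log path as the first argument to scan a live file.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, info in find_bruteforcers(lines).items():
        print(f"{ip}: {info['failures']} failures in window, users tried: {info['users']}")
```

On the sample, only 192.0.2.10 is flagged (six failures in ten seconds across root, admin, pi and ubnt); the single failure from 198.51.100.7 and the later isolated attempt never reach the threshold inside one window. Thresholds are a tuning choice: the bot's guessing rate and your own users' typo rate decide where to put them.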
"The first is a sly way for future versions of the bot to stop running instances regardless of their name by simply requesting the address http://127.0.0.1:61314/et, and the second tries to parse a URL query with the parameters "ip", "u" and "p" by requesting the address http://127.0.0.1:61314/ex. The purpose of this /ex HTTP query is not yet clear," according to ESET.
The malware automatically scans the infected system and collects information that it then sends to a C&C server, including the IP address, usernames and passwords.
A configuration file stored locally also lets the attacker plant a backdoor so they can regain access to the device at a later time.
It is worth stressing that strong, complex SSH passwords are practically impossible for this malware to crack; the attackers are mainly hunting for devices that use weak passwords.
If you suspect your Linux device is infected, log in via SSH or Telnet and look for a process named .javaxxx. Confirm that it is the one making the unwanted connections and kill it.
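The two host-side indicators the article gives, the local HTTP listener on 127.0.0.1:61314 and the process named .javaxxx, can be checked from the infected box without trusting a possibly tampered shell history. The script below is an added example and not ESET's code: it parses /proc/net/tcp for a LISTEN socket bound to 127.0.0.1:61314, lists processes whose name is .javaxxx, and kills them only when run with --kill. The /proc/net/tcp rows and the process table embedded here are constructed so the functions can be exercised offline; on a Linux host it reads the live /proc instead.

```python
"""Check a Linux host for the Rakos indicators named in the article.

Added example (not ESET's tooling): finds a TCP listener on 127.0.0.1:61314
by parsing /proc/net/tcp and finds processes named .javaxxx.  The sample
/proc/net/tcp text and process list below are constructed, not captured.
"""
import os
import signal
import socket
import struct

RAKOS_PORT = 61314          # local HTTP service the bot starts
RAKOS_PROC = ".javaxxx"     # process name given in the article
TCP_LISTEN = "0A"           # socket state code used in /proc/net/tcp


def _decode_addr(hex_addr):
    """'0100007F:EF82' -> ('127.0.0.1', 61314); /proc stores IPv4 little-endian."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return [(local_ip, local_port, state_hex, inode)] for each socket row."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        ip, port = _decode_addr(fields[1])
        rows.append((ip, port, fields[3], int(fields[9])))
    return rows


def rakos_listener(rows):
    """Inode of a LISTEN socket bound to 127.0.0.1:61314, or None if absent."""
    for ip, port, state, inode in rows:
        if ip == "127.0.0.1" and port == RAKOS_PORT and state == TCP_LISTEN:
            return inode
    return None


def suspicious_processes(procs, name=RAKOS_PROC):
    """procs: iterable of (pid, comm).  Returns the pids whose comm equals `name`."""
    return [pid for pid, comm in procs if comm == name]


def read_processes():
    """Live (pid, comm) pairs from /proc; Linux only."""
    procs = []
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            with open(f"/proc/{pid}/comm") as f:
                procs.append((int(pid), f.read().strip()))
        except OSError:                          # process exited or unreadable
            continue
    return procs


# Constructed sample: sshd on :22, the bot's listener on 127.0.0.1:61314
# (0x0100007F:0xEF82), and one unrelated established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 0100007F:EF82 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40117 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:C3E6 C633640A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 40120 1 0000000000000000 100 0 0 10 0
"""
SAMPLE_PROCS = [(1, "systemd"), (812, "sshd"), (2304, "java"), (2417, ".javaxxx")]

if __name__ == "__main__":
    import sys
    live = os.path.exists("/proc/net/tcp")
    rows = parse_proc_net_tcp(open("/proc/net/tcp").read() if live else SAMPLE_PROC_NET_TCP)
    procs = read_processes() if live else SAMPLE_PROCS
    inode = rakos_listener(rows)
    pids = suspicious_processes(procs)
    print("listener on 127.0.0.1:61314:", f"yes (socket inode {inode})" if inode else "no")
    print(f"processes named {RAKOS_PROC}:", pids or "none")
    if "--kill" in sys.argv:                     # only act when explicitly asked
        for pid in pids:
            os.kill(pid, signal.SIGKILL)
            print("killed", pid)
```

Killing the process removes the running bot, not the foothold: the article notes a locally stored config file that gives the attacker a way back in, so after the kill the SSH password must be changed (or password logins disabled in favour of keys) and any unexpected files or keys the bot left behind removed, otherwise the next scan simply reinstalls it.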
Read more in ESET's publication.