Search This Blog

Powered by Blogger.

Blog Archive

Labels

New Linux trojan can disable your antivirus and steal root passwords

Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by.

The device on the Linux operating system a new Trojan striking-miner is able to remove employees in the system of anti-virus software reported on the website of the company “Doctor Web”, a Russian antivirus maker that was able to track the malware for an extended period time. This malware can install bitcoin miners on systems. The malware has over 1,000 lines of code and is more complex than most other Linux malware.

Linux is known to be a much safer OS compared to other desktop alternatives, but it is nowhere near perfect.

Trojan also installs a rootkit and another strain of malware that can execute Distributed Denial of Service (DDoS) attacks.

The malware called by its generic detection name of Linux.BtcMine.174 when run, scans your system and looks for the folder where it can upload other malicious modules from the server. Then the computer loads one of the versions of the Linux backdoor.BackDoor.Gates.9. It allows hackers to execute commands on the infected device and carry out a DDoS attack.

After this malware is looking for other miners in the system and disables them and then removes all files and directories operating on computer antivirus. After Linux.BtcMine.174 launches its own miner designed for mining cryptocurrency Monero. The virus is updated with the command and control server every minute.

The trojan is capable of infecting Linux systems and writes permissions into disks to access user systems. The Linux malware is capable of disabling any installed antivirus programs and steal root passwords. It takes advantage of the infamous Dirty COW exploit and can get attackers complete access to the OS. According to Dr Web, “the Trojan launches and maintains as a Monero (XMR) miner. In an infinite loop, the script checks for updates on a remote server so that it can download and install them if they become available.”
Share it: