A new Trojan dubbed Linux.Proxy.10 is targeting Linux-based devices transforming them into proxy servers that are used by attackers to protect their anonymity while launching cyber attacks from the hacked systems.
Linux.Proxy.10 was first discovered by researchers at the antivirus firm Doctor Web at the of 2016, the malware compromised thousands of machines and according to the experts the malicious code is still spreading.
“The Trojan, used by cybercriminals to infect numerous Linux network devices, has been named Linux.Proxy.10.” states the report published by Rr. Web. “As the name of this malicious program suggests, it is designed to run a SOCKS5 proxy server on the infected device on the basis of the freeware source code of the Satanic Socks Server. Cybercriminals use this Trojan to ensure that they remain anonymous online.”
The malware doesn’t include any module to hack into Linux systems, according to the experts the attackers use other Trojans and techniques to compromise devices and establish a new backdoor login account with username as “mother” and password as “fucker.”
Once installed the backdoor the attacker logs into a compromised device via SSH protocol and installs the SOCKS5 proxy server using the Linux malware on it.
This Linux.Proxy.10 malware leverages on the freeware source code of the Satanic Socks Server to setup a proxy.
The researchers at the Doctor Web discovered one of the servers used to distribute the Linux.Proxy.10, it was containing the lists of vulnerable devices along with a Spy-Agent administrator panel and a build of the BackDoor.TeamViewer Windows malware.
Linux users and administrators are recommended to limit or completely disable remote root access via SSH, and monitor the newly generated login users to discover any evidence of infection.
(Security Affairs – Linux malware, Linux.Proxy.10)