
New Linux malware spotted

A new backdoor for Linux has been spotted by security researchers, one which can download malicious files to an infected system, log keystrokes and take screenshots.

Researchers from security firm Doctor Web said they had spotted a new multipurpose Trojan designed to infect Linux machines, which they called Linux.BackDoor.Xunpes.1.

Xunpes.1 consists of a dropper and the backdoor. The dropper is made with Lazarus, a free cross-platform IDE for the Free Pascal compiler. Once run, the dropper displays the window pictured in the image above. It also contains the backdoor, the second part of the Trojan.

The second part then installs itself and opens up a connection so that the attackers have access to the infected machine. According to security researchers, this program can do a lot of things:

“In total, Linux.BackDoor.Xunpes.1 is capable of executing more than 40 commands,” the researchers say in a report.

“Among them are keylogging—recording of keystrokes on an infected device—and downloading and running of a file, whose path and arguments are received from the server, which terminates the work of the backdoor. Besides, it can also send file names in a specified directory and upload selected files to the server. In addition to this, the Trojan creates, removes and renames files and folders, takes screenshots, executes bash commands; and the list is far from being exhaustive.”

The researchers have said the backdoor has been added to their database, so if you’re using Dr.Web antivirus, you should update the program to get the latest virus signatures and stay safe.