Linux, the operating system widely believed to be immune to virus attacks, may soon need to roll out antivirus software: security experts have detected a Trojan that turns Linux-based devices into proxy servers, which attackers then use to launch cyber-attacks while masking their identity. Researchers from Russian security firm “Doctor Web” first came across the Trojan in 2016 and identified thousands of compromised machines, a number set to increase manifold by 2017 as the attackers hunt for many more Linux machines.

According to the researchers, the malware, termed Linux.Proxy.10, doesn’t include any exploitation module to hack into Linux machines. Instead, the attackers compromise the devices using other Trojans and techniques and then create backdoor login accounts. Once the backdooring is complete, the attacker gets the list of all successfully compromised Linux machines, logs into them via the SSH protocol and installs a SOCKS5 proxy server using the Linux.Proxy.10 malware. The process is not very innovative, as it uses the freeware source code of the Satanic Socks Server to set up the proxy.

The server belonging to the cybercriminals distributing the Linux.Proxy.10 malware contains information regarding the compromised devices and also hosts Spy-Agent computer monitoring software with its control panel and a Windows malware called BackDoor.TeamViewer.

Linux users are advised to strengthen SSH security by limiting remote access via SSH and to constantly monitor newly generated login users.

This detection is not the first instance of Linux malware: ESET security researchers had previously uncovered similar malware, termed “Moose”, which also turned Linux devices into proxy servers. Those compromised devices, in turn, were used to create a multitude of fake accounts on social media networks. It turns out that ‘Linux does not get viruses’ is a myth after all.

The underlying problem here is the proper configuration of the systems. In many cases, people are negligent and use installations with their default settings.
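
The advice above to monitor newly generated login users can be turned into a small check against a trusted baseline. This is an added example, not code from the original article or from Doctor Web; the function name `new_login_accounts`, the baseline-file approach and the sample account names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report accounts that can log in and that are absent from a trusted baseline.
# Both arguments are files in passwd(5) format: name:pw:uid:gid:gecos:home:shell
new_login_accounts() {
    awk -F: '
        # Baseline file: remember every account name that is already known.
        FILENAME == ARGV[1] { known[$1] = 1; next }
        # Current file: skip blank lines and comments.
        $1 == "" || $1 ~ /^#/ { next }
        # Skip accounts whose shell does not give an interactive session.
        $7 ~ /(nologin|false)$/ { next }
        # Anything left that the baseline lacks is a new login-capable account.
        # A new account with UID 0 has root privileges, so tag it separately.
        !($1 in known) {
            tag = ($3 == 0) ? "NEW-UID0" : "NEW"
            printf "%s %s uid=%s shell=%s\n", tag, $1, $3, $7
        }
    ' "$1" "$2"
}

# Constructed sample data (not taken from a real host) to show the output.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$dir/current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-cache:x:998:998::/var/lib/cache:/usr/sbin/nologin
support:x:1001:1001::/home/support:/bin/sh
sysadm:x:0:0::/root:/bin/bash
EOF
    new_login_accounts "$dir/baseline" "$dir/current"
    rm -rf "$dir"
}

demo
```

On a real host the baseline would be a known-good copy of `/etc/passwd` stored off the machine, compared against the live file on a schedule.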