Stealthy Linux backdoor malware spotted after three years of minding your business

The Register ^ | 29 April 2021 | Thomas Claburn

[ShadowAce]

Thanks to dayglored for the article!

[CharlesOConnell]

I studied Oracle 9 for a year. Its platform is a form of Linux

[Red Badger]

Was written by a Chinese “Backdoor man”?................

[Autonomous User]

“Chinese security outfit”

Isn’t that an oxymoron?

[TomGuy]

Something keeps sneaking in and stealing my desktop icons on Linux Mint Cinnamon 18.3. I have to reboot to get them back.

[That seems to be a persistent problem with several versions of Linux.]

[Yo-Yo]

Isn’t “A Chinese security outfit” an oxymoron?

[Yo-Yo]

Ha! Beat me by 2 minutes!

[lowbridge]

“a suspicious ELF program that interacted with four command-and-control (C2) domains over the TCP HTTPS port 443 even though the protocol used isn’t actually TLS/SSL.”

Anyone could’ve told them that.

[immadashell]

Oh, yeah, everybody knows that!?!

[John S Mosby]

A dude named “Mr. Wu”.... he was a window cleaner and then an air raid warden back in WWII. Just kidding- first came to mind.

George Formby (the Queen’s favourite morale booster in the Blitz):...”... if there’s a chink in your window, you’ll have another one at the door....” “ the girls all cover their laundry mark...” risque stuff for WWII.

https://www.youtube.com/watch?v=vnvgpeGxzak

[John S Mosby]

Is the “backdoor” risk now closed by Linux updates? Since this came out? That is-— what is to be done? Read the details can’t figure out what a rotating trapdoor drop functionality— well, what is it. Says it is used for targeting individual machines.

Linux experts on FR— any suggestions?

[ShadowAce]

Yup. Oracle is based off of Red Hat.

[ShadowAce]

I’ve never seen that happen before.

[dadfly]

bookmark

[Flick Lives]

According to Netlab, RotaJakiro supports 12 commands, including “Steal Sensitive Info,” “Upload Device Info,” “Deliver File/Plugin,” and three “Run Plugin” variants.

—

This article sounds like FUD designed to pitch security software.

For one, I seriously doubt any malware is going to have a function so obviously labeled “Steal Sensitive Info”. Secondly, what would constitute “sensitive info”?

[ShadowAce]

That is-— what is to be done?

I believe that your chosen distro maintainer(s) should be able to filter it out.

[Red Badger]

Just so long as you don’t get a chink in your armor.................

[perfect_rovian_storm]

Well, obviously someone has installed this backdoor on your system in a nefarious plot to steal your desktop icons and ultimately...CONTROL. THE. WORLD!!!!!

Or your window manager is crashing for some reason.

But it's probably definitely the first one.

[John S Mosby]

OK- thanks will check it out on their boards, maintenance etc.