
A New Linux Malware That Has Been Operational For 3 Years Has Just Been Spotted

A total of four RotaJakiro samples have been found so far

Researchers have discovered a Linux backdoor malware called RotaJakiro, which has managed to stay under the radar for about three years, allowing threat actors to run a protracted data-harvesting operation.

The malware's name reflects two traits: the rotate encryption it uses, and the fact that it behaves differently depending on whether it is executed under a root or a non-root account.

While early versions of the malware were uploaded to VirusTotal as early as May 2018, the findings follow an analysis of a sample detected on March 25, 2021.

A total of four RotaJakiro samples have been found so far, all of which have a low detection rate, with just seven antivirus engines flagging the threat as malicious.

Researchers at Qihoo 360 NETLAB, who discovered the threat, say that RotaJakiro is designed with stealth in mind, as it uses multiple encryption algorithms, including AES, XOR, and ROTATE, as well as ZLIB compression.

RotaJakiro Malware Capabilities

The malware exhibits obvious backdoor capabilities: its functions are tasked with gathering data from the target device, stealing sensitive information, performing file-related operations, and downloading and launching plugins from a command and control (C&C) server.

Researchers are still unsure about the true intent behind this malware because 3 of RotaJakiro's 12 functions cannot currently be analyzed. NETLAB said these three functions are related to the execution of plugins, which are not available for analysis.

“Unfortunately, we have no visibility to the plugins, and therefore do not know its [RotaJakiro’s] true purpose,” Alex Turing and Hui Wang, researchers at NETLAB, wrote in a blog post.

However, researchers discovered the malware uses some C&C domains that date from 2015 and observed some code overlaps between RotaJakiro and a botnet called Torii, suggesting that RotaJakiro and Torii are connected.

Julio Rivera

Julio Rivera is a small business consultant, political activist, writer and Editorial Director for Reactionary Times.  His writing, which is concentrated on politics and cybersecurity, has also been published by websites including Newsmax, The Hill, The Washington Times, LifeZette, The Washington Examiner, American Thinker, The Toronto Sun, PJ Media and many others.
