Linux malware RotaJakiro went unnoticed for three years

The Chinese security team Qihoo 360 Netlab discovered the Linux malware RotaJakiro, which went unnoticed by VirusTotal for three years.

The backdoor was discovered in the course of analysing suspicious traffic from one of the system processes identified during the analysis of the structure of the botnet used for the DDoS attack.

Prior to this, RotaJakiro remained unnoticed for three years, in particular, the first attempts to check files with MD5 hashes in the VirusTotal service that match the detected malware were dated May 2018.

Malicious software disguises its activities using encryption and compression techniques and program names very similar to standard Linux system programs. The names of the programs are different depending on whether RotaJakiro is running on behalf of the main system administrator or a regular user.

The malware is not an exploit; rather, it is a payload that opens a backdoor on the target machine. It can be installed by an unsuspecting user, an attacker, or through a Trojan dropper.

At the moment, experts do not fully understand the mechanism of its work, but now they have discovered 12 functions, including those aimed at extracting and stealing data, managing files and plugins, as well as messaging the transfer of information about the device.

“At the coding level, RotaJakiro uses techniques such as dynamic AES, two-layer encrypted communication protocols, to counter the analysis of binary and network traffic. At the functional level, RotaJakiro first determines whether a user is root or non-root, at runtime, with different execution policies for different accounts, then decrypts the corresponding sensitive resources with AES & ROTATE to save, protect the process, and use a single instance later, and, finally establishes communication with C2 and waits for the commands issued by C2 to execute”, — Qihoo 360 Netlab experts say.

Let me remind you that I talked about the fact that FreakOut malware attacks Linux systems and uses them for DDoS and mining, as well as that Malware for Linux Kobalos attacks supercomputers.

Linux malware RotaJakiro went unnoticed for three years

The Chinese security team Qihoo 360 Netlab discovered the Linux malware RotaJakiro, which went unnoticed by VirusTotal for three years.

William Reddy

Read Next

Remove Healthy App by HealthySoftware

Sogeti CETI experts talk about Babuk ransomware

TeaBot malware steals SMS and credentials

Osiris banking Trojan was replaced by its “relative”- the Ares malware

Large-scale phishing campaign used three new malware

Security researchers discovered a new Moriya rootkit for Windows

On macOS was fixed a 0-day that Shlayer malware used

Cybercriminals control ToxicEye malware using Telegram

HackBoss malware spreads via Telegram and steals cryptocurrency

In March 2021, the IcedID malware entered the list of the most active threats for the first time

Remove Healthy App by HealthySoftware

Sogeti CETI experts talk about Babuk ransomware

TeaBot malware steals SMS and credentials

Osiris banking Trojan was replaced by its “relative”- the Ares malware

Large-scale phishing campaign used three new malware

Security researchers discovered a new Moriya rootkit for Windows

On macOS was fixed a 0-day that Shlayer malware used

Cybercriminals control ToxicEye malware using Telegram

HackBoss malware spreads via Telegram and steals cryptocurrency

In March 2021, the IcedID malware entered the list of the most active threats for the first time

Leave a Reply Cancel reply

October Android update fixes critical RCE vulnerabilities

OnePlus reports user data leakage

Bankers attacked 430,000 users in the first half of 2019

NETGEAR fixes DoS vulnerabilities in its N300 routers

Cisco Developers Fixed IMC Supervisor and UCS Director Vulnerabilities

Sunspot malware was also used in the attack on SolarWinds