A new backdoor trojan targeting Linux-based operating systems, dubbed “SpeakUp,” is on the loose, although so far it does not appear to have propagated to North America or Europe. Check Point Research recently reported the discovery and said SpeakUp exploits known vulnerabilities in six separate Linux distributions and is able to evade detection by all security vendors. A community of radio amateurs uses various forms of Linux, including the popular Ubuntu software, which includes ham radio apps. Check Point Research said the attack is targeting servers worldwide.
“The attack is gaining momentum and targeting servers in East Asia and Latin America, including AWS [Amazon Web Services]-hosted machines,” the Check Point Research article said. “SpeakUp acts to propagate internally within the infected subnet, and beyond to new IP ranges, exploiting remote code execution vulnerabilities. In addition, SpeakUp presented ability to infect Mac devices with the undetected backdoor.” The origin of the malware appears to be in East Asia, although its developer may be Russian.
Check Point Research said the sample it analyzed had targeted a machine in China on January 14. Once the software successfully registers a victim, it receives commands to manipulate the machine to download and execute various files. Check Point Research said SpeakUp serves XMRig cryptocurrency miners to its listening infected servers.
“SpeakUp’s obfuscated payloads and propagation technique is beyond any doubt the work of a bigger threat in the making,” Check Point Research concluded. “It is hard to imagine anyone would build such a compound array of payloads just to deploy few miners. The threat actor behind this campaign can at any given time deploy additional payloads, potentially more intrusive and offensive. It has the ability to scan the surrounding network of an infected server and distribute the malware.”
Linux is a family of free, open-source operating systems based on the Linux kernel first released in 1991 by Linus Torvalds.
Read the full article at http://www.arrl.org/news/view/new-campaign-exploiting-linux-servers-to-insert-backdoor-speakup-trojan. STRAY SIGNALS does not claim ownership of the article.