New Linux Backdoor Spotted: Facefish

New Linux Backdoor Spotted: Facefish

With time, Linux has not only become the backbone of the internet and the Android OS, but has also expanded into anything that needs a minimal operating system for dedicated software. Hence, it is highly desirable for threat actors to leave backdoors that would enable them to get back in systems. Recently, one such backdoor, named Facefish, has been discovered.

About Facefish

Facefish, analyzed recently by Qihoo 360 NETLAB team, can be used to steal device information and login credentials, execute arbitrary commands, and bounce shell on infected Linux systems. The backdoor specifically targets Linux x64 systems and is capable of dropping multiple rootkits at different times. It, furthermore, uses the Blowfish algorithm for C2 communications.

Not the first time

This is not the first detailed analysis of Facefish activities. An earlier report by Juniper Networks delineates an attack chain that injects SSH implants on Control Web Panel (CWP) to steal sensitive data from infected systems.
CWP has a myriad of flaws. Moreover, its source code is ostensibly encrypted and obfuscated. This makes it difficult to determine which version is still vulnerable to the malware.
Last year, there were 215,000 CWP installations that were accessible to the public. Thus, it is surmised that the number of compromised computers may be substantial.

Latest attacks on Linux

Although this is one of the latest threats to Linux operating systems, there have been more in recent times. Let’s glance through them.

The Sysrv-hello cryptojacking botnet was found actively scanning for vulnerable Windows and Linux enterprise servers to infect th ..

Support the originator by clicking the read the rest link below.