RotaJakiro Linux Backdoor Remained Undetected For Years
Security researchers at Qihoo 360's Network Security Research Lab (360 Netlab) have discovered a Linux backdoor that managed to fly under the radar for years. The backdoor, dubbed RotaJakiro, is designed to operate as stealthily as possible, although that did not stop the researchers from dissecting it: resource information found within the sample spotted by 360 Netlab's BotMon system is encrypted using the AES algorithm. "At the functional level, RotaJakiro first determines whether the user is root or non-root at run time, with different execution policies for different accounts, then decrypts the relevant sensitive resources using AES & ROTATE for subsequent persistence, process guarding and single instance use, and finally establishes communication with C2 and waits for the execution of commands issued by C2," 360 Netlab said.