Security firm discovers new form of Linux malware

Jan 26, 2017 10:52 GMT  ·  By

Linux has long been considered a more secure operating system, but malware writers are now exploiting that assumption with new forms of infection spreading across the web as we speak.

Security firm Dr. Web warns that it has already discovered thousands of Linux computers infected with a malware called Linux.Proxy.10, which is used by cybercriminals to remain anonymous online.

What this malware does is run a SOCKS5 proxy server on the infected device, allowing attackers to connect to the machine and hide their identity while performing other illegal activities on the Internet.
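A defender-side check for the behaviour described above is to find services on a host that answer like a SOCKS5 server. The following is an added example, not code from the article or from Dr. Web: it performs only the RFC 1928 method-negotiation step (it never sends a CONNECT request), and the fake listeners are constructed test fixtures standing in for a real service.

```python
"""Find unexpected SOCKS5 listeners by sending only the RFC 1928 greeting."""
import socket
import threading

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
METHOD_NO_ACCEPTABLE = 0xFF


def socks5_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if (host, port) answers a SOCKS5 greeting correctly.

    Client greeting: VER=0x05, NMETHODS=1, METHODS=[NO AUTH].
    A SOCKS5 server answers exactly two bytes: VER=0x05 and the chosen
    method, which for the single offered method is 0x00 or 0xFF.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH]))
            reply = sock.recv(2)
    except OSError:
        return False  # closed port, timeout or connection reset
    return (len(reply) == 2 and reply[0] == SOCKS_VERSION
            and reply[1] in (METHOD_NO_AUTH, METHOD_NO_ACCEPTABLE))


def find_socks5_listeners(host: str, ports) -> list:
    """Probe each port and return those that behave like SOCKS5 servers."""
    return [p for p in ports if socks5_probe(host, p)]


def start_fake_listener(reply: bytes) -> int:
    """Constructed stand-in for a listening service (test fixture only):
    accepts one connection, reads the greeting, sends `reply`, returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(16)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    socks_port = start_fake_listener(bytes([SOCKS_VERSION, METHOD_NO_AUTH]))
    web_port = start_fake_listener(b"HTTP/1.0 400 Bad Request\r\n")
    print(find_socks5_listeners("127.0.0.1", [socks_port, web_port]))
```

Run against the ports a host is actually listening on (for example the output of `ss -ltn`) and compare the result with the services you expect; a SOCKS5 listener you did not deploy is the symptom described in the article.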

According to the researchers, this infection specifically targets computers still running with default settings, or machines that have already been compromised by other malware. Either way, attackers can easily obtain access to the target computer and install Linux.Proxy.10.

“To distribute Linux.Proxy.10, cybercriminals log in to the vulnerable devices via the SSH protocol, and at the same time the list of devices, as well as the logins and passwords that go with them, are stored on their server. The list looks like this: «IP address:login:password»,” the security firm explains.

Change your passwords

Once a system is infected with Linux.Proxy.10, the cybercriminal can connect to it using just its IP address plus the port they configured when they started spreading the malware.

During the investigation, Dr. Web also discovered other infections on cybercriminals’ servers, including a piece of malware that was developed for Windows computers.

“The server belonging to the cybercriminals who distribute Linux.Proxy.10 has been found to contain not only the lists of vulnerable devices. Doctor Web security researchers also detected a Spy-Agent administrator panel and a build of Windows malware from a known family of Trojan spyware, BackDoor.TeamViewer,” the firm says.

The best way to remain secure is to change the default settings and use passwords that are more complex and harder to guess. In this new wave of attacks, the cybercriminals do not attempt to brute force the systems; they break in using default passwords and the typical credentials that some people might still be using.