UPDATED 22:57 EDT / DECEMBER 21 2016

Rakos malware infects Linux servers, IoT devices to build botnet

A recently discovered form of malware is spreading across Linux servers and Linux-powered Internet of Things devices, causing network congestion as it attempts to build a botnet.

Called Rakos, the malware attacks vulnerable devices through brute-force Secure Shell (SSH) login attempts. Once it gains access, it uses the infected machine to carry out further brute-force attacks against other devices, putting additional pressure on network resources.
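A detection check a defender can run over sshd log lines for the brute-force pattern described above, added here as an example that is not part of the original article or of ESET's research. The log lines and IP addresses are constructed (RFC 5737 documentation ranges), and the failure threshold and time window are assumed values, not figures from the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format (year is assumed, syslog omits it).
SAMPLE_LOG = """\
Dec 21 22:01:03 host sshd[1201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Dec 21 22:01:05 host sshd[1202]: Failed password for admin from 198.51.100.7 port 40123 ssh2
Dec 21 22:01:06 host sshd[1203]: Failed password for invalid user pi from 198.51.100.7 port 40124 ssh2
Dec 21 22:01:08 host sshd[1204]: Failed password for root from 198.51.100.7 port 40125 ssh2
Dec 21 22:01:09 host sshd[1205]: Failed password for root from 198.51.100.7 port 40126 ssh2
Dec 21 22:01:11 host sshd[1206]: Accepted password for root from 198.51.100.7 port 40127 ssh2
Dec 21 22:05:00 host sshd[1300]: Failed password for alice from 192.0.2.10 port 50001 ssh2
Dec 21 22:05:30 host sshd[1301]: Accepted publickey for alice from 192.0.2.10 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_events(text, year=2016):
    """Yield (timestamp, result, method, user, ip) for each sshd auth line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events

def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding window.
    'compromised' is set when an Accepted login follows the burst, i.e. the
    guessing succeeded and the host may now be a new scanning node."""
    failures = defaultdict(list)
    flagged = {}
    for ts, result, _method, _user, ip in parse_events(text):
        if result == "Failed":
            failures[ip].append(ts)
            failures[ip] = [t for t in failures[ip]
                            if (ts - t).total_seconds() <= window_seconds]
            if len(failures[ip]) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "compromised": False})
                entry["failures"] = max(entry["failures"], len(failures[ip]))
        elif result == "Accepted" and ip in flagged:
            flagged[ip]["compromised"] = True
    return flagged
```

Running `detect_bruteforce(SAMPLE_LOG)` flags 198.51.100.7 with five failures and a subsequent successful login, while the single failed attempt from 192.0.2.10 stays below the threshold.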

According to researchers at security firm ESET spol. s r.o., the malware in its current form is harmless apart from the strain it puts on network resources. That could easily change in the future, however, because it gives the attackers behind it direct access to the infected devices.

“The obvious aim of this trojan is to assemble a list of unsecured devices and to have an opportunity to create a botnet consisting of as many zombies as possible,” the company said in a blog post Tuesday.

Rakos, which is written in the Go language, was observed loading its configuration via standard input in YAML format with a configuration file that includes a list of command and control servers, the credentials that are used to brute-force devices, and internal parameters.

Once installed, the malware starts a local HTTP server, allowing future versions to kill running instances regardless of their name. It also creates a web server listening on all interfaces. “Sending back the IP address, username and password allows the attackers to do anything they want with the machine afterwards,” the researchers noted. “Together with the foul language used in the code, we think it is unlikely that this is just an invasive but innocent experiment or an unfortunate exercise in academic research.”

The trojan is unable to maintain persistence after a system is rebooted, however. Given that it sends the username and password back to the attackers, the safest way to secure a server or device is to change its SSH credentials, meaning the username and password used to log in, after a factory reset.
