Rekoobe is a malware newly discovered targeting systems based on Linux. His discovery came from the hand of the developers of the antivirus company Dr. Web. Rekoobe made its first appearance in October, and it took experts around two months to understand the behavior of this Trojan.
Initially, Rekoobe was developed to affect only Linux operating systems, under architectures SPARC, pbut it didn't take long to create a version that affected architectures Intel, both teams de 32-bit like machines of 64-bit, so now it also affects computers and as many other machines as servers that work with chips of this family.
Rekoobe uses a configuration file encrypted under algorithm XOR. Once the file is read, the Trojan establishes a connection with it. Command and Control (C&C) server ready to receive orders. This Trojan is quite simple, but the authors have gone to great lengths to make it difficult to detect. You can basically run only three commands: download or upload files, run commands locally, and transmit the output to the remote server. Once on the affected computer, he would dedicate himself to upload some of your files to the server, while downloading data from it to perform some actions on the affected computer. Therefore, cyber criminals are able to intervene to a small or large extent with the operation of the computer remotely.
Unfortunately, the story does not end here. Analysts also point out that this Trojan could affect other operating systems such as Android, Mac OS X y Windows.
Although many users consider Linux systems immune against malware, other threats have recently been discovered, such as Linux.Encoder.1 ransomware, which also targets computers under operating systems Linux.