Rekoobe is a newly discovered piece of malware targeting Linux-based systems. It was discovered by developers at the antivirus company Dr. Web. Rekoobe first appeared in October, and it took the experts around two months to understand the behavior of this Trojan.
Initially, Rekoobe was developed to affect only Linux operating systems on the SPARC architecture, but it did not take long for a version to appear that targets Intel architectures, both 32-bit and 64-bit machines, so it now also affects desktop computers as well as servers that run on chips of this family.
Rekoobe uses a configuration file encrypted with an XOR algorithm. Once the file is read, the Trojan establishes a connection with its Command and Control (C&C) server and waits to receive orders. This Trojan is quite simple, but its authors have gone to great lengths to make it difficult to detect. It can basically run only three commands: download or upload files, run commands locally, and transmit the output to the remote server. Once on the affected computer, it uploads some of the machine's files to the server while downloading data from it to perform actions on the affected computer. Cyber criminals are therefore able to interfere, to a small or large extent, with the operation of the computer remotely.
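The article only says that the configuration is XOR-encrypted, which is the detail an analyst cares about: a single-byte XOR key is trivial to recover by brute force, and recovering the config is how you extract the C&C address for blocking and detection. The following is an added example, not code from the article or from Dr. Web's analysis. The config layout (key=value lines), the key 0x5A and the host c2.example.invalid are all constructed assumptions; Rekoobe's real config format and key are not given on the page.

```python
import re
import string

# Constructed sample (an assumption, not Rekoobe's real layout or key): a small
# key=value configuration obfuscated with a single-byte XOR key.
SAMPLE_KEY = 0x5A
SAMPLE_PLAINTEXT = b"server=c2.example.invalid\nport=8080\n"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


# The "captured" config blob an analyst would start from.
SAMPLE_CONFIG = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)

PRINTABLE = set(string.printable.encode())
# A plausible config line: lowercase identifier, '=', then printable ASCII.
LINE_RE = re.compile(rb"^[a-z_]+=[ -~]+$")


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII (0.0 for empty input)."""
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0


def looks_like_config(pt: bytes) -> bool:
    """True if every line matches the key=value shape we expect."""
    lines = pt.split(b"\n")
    if lines and lines[-1] == b"":  # tolerate a trailing newline
        lines = lines[:-1]
    return bool(lines) and all(LINE_RE.match(line) for line in lines)


def recover_single_byte_xor(blob: bytes):
    """Try all 256 keys and return [(key, plaintext)] candidates, best first.

    Structural filtering (key=value lines) is what rejects near-miss keys:
    small key differences keep letters as letters but never preserve '='.
    """
    candidates = []
    for key in range(256):
        pt = xor_bytes(blob, key)
        if looks_like_config(pt):
            candidates.append((printable_ratio(pt), key, pt))
    candidates.sort(key=lambda t: (-t[0], t[1]))
    return [(key, pt) for _, key, pt in candidates]


def parse_config(pt: bytes) -> dict:
    """Turn recovered key=value lines into a dict of indicators to block/alert on."""
    cfg = {}
    for line in pt.decode("ascii", errors="replace").splitlines():
        if "=" in line:
            k, v = line.split("=", 1)
            cfg[k.strip()] = v.strip()
    return cfg


if __name__ == "__main__":
    for key, pt in recover_single_byte_xor(SAMPLE_CONFIG):
        print(f"key=0x{key:02x} -> {parse_config(pt)}")
```

The structural check matters more than the printability score: many wrong keys still yield mostly printable text, but only the right key reproduces the `identifier=value` shape on every line. A real sample may use a multi-byte key or a different layout, in which case the line pattern is the part to adapt.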
Unfortunately, the story does not end here. Analysts also point out that this Trojan could affect other operating systems such as Android, Mac OS X and Windows.
Although many users consider Linux systems immune to malware, other threats have recently been discovered, such as the Linux.Encoder.1 ransomware, which also targets computers running Linux operating systems.
21 comments
One question: what good is the root user in these cases? Isn't a virus supposed to be an executable file that runs without the user's consent, and on GNU/Linux systems isn't it practically impossible for this to get through the architecture as it is designed, because of the famous root and the long password? I don't really understand; hopefully someone will explain it to me.
Indeed, the architecture of GNU/Linux makes it very difficult for this type of malware to penetrate, but you must remember that security lies in the users, not in the systems. Understand that we are the weakest part, and by mistake or ignorance we can open the way for them.
Using GNU/Linux does not guarantee anything in terms of security. If what you are looking for is to be safe, you must inform yourself and be cautious, just like in the real world. Believe me, there is no software that can protect you, only your common sense and your good habits.
Thank you very much for sharing your point of view and explanation ...
In any system it is impossible for that to happen, because the software/virus would need magic to run itself.
Sometimes one can take advantage of the existence of a certain type of unpatched, usable vulnerability, but it is not the norm.
I recommend that you do not store sensitive information on your computer, as it is at risk of being stolen by anyone from anywhere in the world, and passwords are useless.
Long live AMD for once, as these are not affected.
Your comment is irrelevant; it speaks of processor architectures, not brands.
It mentions the Intel architecture, that is, x86, the same one that AMD uses.
It is a bit of an ambiguous news item, without concrete data.
What is vulnerable? What program?
Is there a solution?
From my point of view, half a news story is not news.
I investigated this Trojan (for my blog) and, as for what you ask...
It is not a vulnerability we are talking about; it is a Trojan, which can enter your operating system in different ways, such as:
If you give Rekoobe root permissions, or if it is installed in the «home» directory (which already has root permissions), you will have this malicious program on your PC.
The solution can be manual, or through an antivirus, which is difficult due to Rekoobe's sophisticated behavior that prevents most antivirus programs from detecting it.
Or it could be through Dr. Web's antivirus (which I think is paid), who already added it to their malware database, so with them you will be protected ... but for this you have to pay them -_-
thanks for the info
Moral: never install anything that is not in the official repositories of your distro.
The news is about a Trojan; nothing is said about a vulnerability. They are different topics and have nothing to do with each other.
Let's find this from ransomware. Also, look everywhere and everyone has copied and pasted the same Rekoobe article; that is, someone to tell you how the virus infects you and how to solve it.
God correct my spelling errors XD
That is what happens when you don't use OPEN SOURCE; if I see the program's code, there is logic that explains how malware can be installed.
The previous comment did not come out...
Today more than ever I prefer GNU/Linux.
What was the previous one? I see two comments ...
The usual: do not leave root activated; do not install anything we happen to find (that's what the virtual machine is for); make a backup of our system (Systemback, for example); and above all, above all: DO NOT FALL TO THE DARK SIDE, DO NOT INSTALL WINDOWS.
As far as I know, a Trojan needs to trick you into entering your credentials in order to be able to run and do what it is programmed to do. In that sense, Linux would not have any infection problem, because EVERYTHING that wants to run needs the administrator password, which does not happen in Windows. As far as I know, this type of news serves more to discredit Linux than to publicize something.
If every Trojan or virus from Windows were actually published (the latter, as far as I know, is much worse, since it does not need permission but simply runs, period), there would be news every day, but in Windows it is normal for there to be viruses (which, as far as I know, do not exist on Linux: malware that executes itself) and Trojans are insignificant.
Because of the root user account, which is essential for the administrative use of Linux.
Linux leads everyone with its repositories, so in the vast majority of cases you do not need to leave the system to get all the software you need.
Linux is updated at a dizzying speed; the news about the 28 backspaces is still fresh, and GRUB has already been patched so that error no longer exists.
I get sick
You have to see that there is a big difference between a Trojan and a virus.
I read a good explanation about the myth of viruses in Linux a long time ago; here is the link: https://blog.desdelinux.net/virus-en-gnulinux-realidad-o-mito/
Although old, I think it is still valid.
It is always suspicious that antivirus companies are the ones that discover certain Linux malware before users have found it. In short, they must be very efficient.