Linux backdoor stole company logins

By

Fokirtor trojan discovered.

A Linux backdoor capable of stealing login credentials from secure shell connections has been found on the network of a large unnamed internet hosting provider.

Linux backdoor stole company logins
Zombie-parade.net

Symantec researchers detected the Fokirtor trojan in June which exposed login credentials.

Breached passwords were hashed and salted but Fokirtor could have provided access to the company's encryption key which secured its internal communications.

“This backdoor allowed an attacker to perform the usual functionality – such as executing remote commands – however, the backdoor did not open a network socket or attempt to connect to a command-and-control server,” researchers wrote in a blog post.

They said the trojan injected itself into the organisation's SSH process to extract encrypted commands.

Fokirtor could ultimately allow an attacker to execute commands of their choosing and even collect data from individual SSH connections, like the connecting hostname, IP address, port and SSH key used to authenticate users.

Symantec Security Response researcher Satnam Narang said the attackers needed the "sophisticated” trojan to conceal their access to the target's network.

“The attackers understood that the target environment was well protected, so they needed to find a means to avoid a potential security review in order to remain hidden,” Narang wrote.

“Therefore, they crafted this stealthy backdoor to camouflage itself within the secure shell (SSH) and other processes."

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?