New Linux Malware From Russian Hackers Is Stealing Data

The National Security Agency (NSA) and the FBI have issued a joint warning about a new Linux malware dubbed 'Drovorub', which is believed to have been developed by Russian military hackers.

According to the agencies' report, the Linux malware is the work of APT28, the well-known hacking group attributed to military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The purpose of the malware is espionage: stealing secrets from the public sector and IT companies.

Drovorub Linux Malware

According to the two agencies, the Drovorub Linux malware consists of implants, file transfer tools, a kernel module rootkit, command and control servers, and port forwarding modules. The report states that the malware is highly stealthy and can remain undetected on a machine because of the advanced rootkit techniques the operators use. These hiding capabilities make it easy for the attackers to target different types of platforms and to launch attacks at any time.

The report describes the function of each component: the components communicate with one another using JSON over WebSockets, and traffic from the server module is encrypted using the RSA algorithm.

How to stay safe from Drovorub Linux Malware?

The NSA and FBI recommend a few precautions that protect against this and similar Linux malware:

  • Always update all Linux systems to kernel version 3.7 or later.
  • Configure the system to load only kernel modules that carry a valid digital signature.
  • Enable the UEFI Secure Boot verification mechanism.
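
The following script is an added example, not code from the article or from the NSA/FBI advisory; it checks a Linux host against the three precautions above. It assumes sysfs and efivarfs are mounted at their standard paths (the file paths can be overridden for testing).

```shell
#!/bin/sh
# Added example: report whether a host meets the three Drovorub mitigations.
# Assumes a Linux host with sysfs and efivarfs mounted at their usual paths.

# Return 0 if kernel release $2 (e.g. "5.4.0-42-generic") is at least $1 ("3.7").
kernel_at_least() {
    want_major=${1%%.*}; want_minor=${1#*.}
    have_major=$(printf '%s' "$2" | sed 's/[^0-9].*//')
    case "$2" in
        *.*) have_minor=$(printf '%s' "$2" | sed 's/^[0-9]*\.//; s/[^0-9].*//') ;;
        *)   have_minor=0 ;;
    esac
    if [ "$have_major" -gt "$want_major" ]; then return 0; fi
    if [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; then return 0; fi
    return 1
}

# Return 0 if the kernel enforces module signatures. The sysfs file is absent
# when the kernel was built without CONFIG_MODULE_SIG, which also counts as a fail.
sig_enforce_on() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    if [ ! -r "$f" ]; then return 1; fi
    if [ "$(cat "$f")" = "Y" ]; then return 0; else return 1; fi
}

# Return 0 if UEFI Secure Boot is on. In efivarfs the first 4 bytes of a variable
# are its attributes; the 5th byte is the SecureBoot value (1 = enabled).
secure_boot_on() {
    f=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    if [ ! -r "$f" ]; then return 1; fi
    state=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')
    if [ "$state" = "1" ]; then return 0; else return 1; fi
}

# Print one line per mitigation for the running host; a NO means an unsigned
# kernel module (such as a rootkit) could still be loaded.
drovorub_mitigation_report() {
    if kernel_at_least 3.7 "$(uname -r)"; then echo "kernel >= 3.7:       yes"; else echo "kernel >= 3.7:       NO ($(uname -r))"; fi
    if sig_enforce_on; then echo "module sig enforced: yes"; else echo "module sig enforced: NO"; fi
    if secure_boot_on; then echo "UEFI Secure Boot:    yes"; else echo "UEFI Secure Boot:    NO"; fi
}

drovorub_mitigation_report
```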
