Turla malware now targets Linux

A variant of Turla malware has been found targeting the operating system Linux, according to the security company Kaspersky Lab.

Dubbed Linux Turla, the virus allows hackers to sent hidden communications through networks and execute commands on infected machines remotely, with much of the code said to be taken from public sources.

Kurt Baumgartner and Costin Raiu, security researchers at Kaspersky, said the malware "maintains stealth without requiring elevated privileges while running arbitrary remote commands", and is based on network sniffer cd00r.

"It can’t be discovered via netstat, a commonly used administrative tool," they added. "It uses techniques that don’t require root access, which allows it to be more freely run on more victim hosts.

"Even if a regular user with limited privileges launches it, it can continue to intercept incoming packets and run incoming commands on the system."

Some of the malicious code in the virus appears to be inactive and was perhaps left over from older versions, according to the firm, with the malware also having "an unusual command and control (C&C) mechanism" and a hostname fitting previous variants of Turla.

"The discovery of this Turla module rises one big question," Baumgartner and Raiu added. "How many other unknown Turla variants exist?"

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing