A crafty Linux malware has evaded detection for years and experts still don't know what it does


Security researchers have discovered a crafty piece of malware written for Linux, but finding it after three years in the wild is just "the tip of the iceberg," they say. Its purpose remains a mystery.

At least it now has an identity. Researchers at Qihoo 360 Netlab (via Bleeping Computer) are calling it RotaJakiro, a name that mashes together two of its characteristics: it rotates its encryption keys, and it is a two-headed beast of sorts, executing different code depending on whether it runs under a root or a non-root account.

RotaJakiro has stayed hidden for so long by combining ZLIB compression with several different encryption algorithms. At least four RotaJakiro samples, the earliest dating back to 2018, have been uploaded to VirusTotal, a website that scans files with over 60 antivirus engines. The most recent upload occurred in January of this year.
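As an added illustration (not code from the original article, and not RotaJakiro's or Qihoo 360 Netlab's code), the script below shows why that combination defeats static signatures and what a defender can measure instead. It compresses a constructed sample resource with zlib, encrypts it with a toy repeating-key XOR standing in for the malware's real ciphers (an assumption; the article does not name the algorithms), and then applies two heuristics: a sliding-window entropy scan that locates compressed or encrypted blobs inside a file, and an n-gram check showing that the same payload hidden under two different keys shares no 8-byte sequence that a byte signature could match. All keys and sample data are constructed for the example.

```python
import math
import zlib
from collections import Counter

# --- toy "hide a resource" pipeline: compress, then encrypt (constructed stand-in) ---

def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: a deliberately simple stand-in for the malware's cipher layers."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def hide_resource(plaintext: bytes, key: bytes) -> bytes:
    """zlib-compress, then encrypt: what an embedded config or plugin blob looks like on disk."""
    return xor_stream(zlib.compress(plaintext, 9), key)

def reveal_resource(blob: bytes, key: bytes) -> bytes:
    """Inverse of hide_resource: decrypt, then decompress."""
    return zlib.decompress(xor_stream(blob, key))

# --- defender-side heuristics ---

def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Text sits around 4-5; compressed or encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(data: bytes, window: int = 512, threshold: float = 6.5):
    """Slide a fixed window over a file and return (offset, entropy) for windows above
    the threshold. A packed or encrypted blob shows up as a contiguous run of hits."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        e = shannon_entropy(data[off:off + window])
        if e > threshold:
            hits.append((off, e))
    return hits

def shared_ngrams(a: bytes, b: bytes, n: int = 8) -> int:
    """Count n-byte sequences of b that also occur somewhere in a. A static byte
    signature extracted from sample a can only match sample b if this is non-zero."""
    grams_a = {a[i:i + n] for i in range(len(a) - n + 1)}
    return sum(1 for i in range(len(b) - n + 1) if b[i:i + n] in grams_a)

def make_sample_resource(lines: int = 2000) -> bytes:
    """Constructed stand-in for a hidden configuration resource: structured, repetitive text."""
    return b"".join(b"key%d=value%d\n" % (i, (i * 7919) % 1000) for i in range(lines))

# Constructed keys; they differ in every byte position, as rotated keys would.
KEY_A = bytes.fromhex("8f13c47a2e915d06b83ce0479a25f16c")
KEY_B = bytes.fromhex("3ea7d15c0864f9b27d4e1a93c5e80b61")

def demo():
    resource = make_sample_resource()
    blob_a = hide_resource(resource, KEY_A)
    blob_b = hide_resource(resource, KEY_B)      # same payload, rotated key
    assert reveal_resource(blob_a, KEY_A) == resource

    print(f"plaintext entropy  : {shannon_entropy(resource):.2f} bits/byte")
    print(f"hidden blob entropy: {shannon_entropy(blob_a):.2f} bits/byte")
    print(f"8-byte sequences shared by the two blobs: {shared_ngrams(blob_a, blob_b)}")

    # A constructed "binary image": readable strings, then the hidden blob, then zero padding.
    image = make_sample_resource(200) + blob_a + b"\x00" * 1024
    for off, e in high_entropy_regions(image):
        print(f"  suspicious window at 0x{off:06x}: entropy {e:.2f}")

if __name__ == "__main__":
    demo()
```

Run it directly to see the entropies and the flagged windows. Entropy flags legitimate packed or compressed content as well, so treat a flagged region as a reason to look closer (unpack, decrypt, scan the contents) rather than as a verdict on its own.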

The collection of antivirus engines returned a clean bill of health in each instance, leading the Qihoo 360 Netlab security team to wonder if there are more samples out there. That is not the only mystery, though.

"The real work is far from over, and many questions remain unanswered: How did RotaJakiro spread, and what was its purpose? Does RotaJakiro have a specific target? We would love to know if the community has relevant leads," the security team stated in a blog post.

What the researchers do know is that RotaJakiro supports a dozen functions. Three of them are related to plugins, but for what purpose is not yet clear. It is capable of creating a backdoor into infected 64-bit Linux machines, which in theory could allow an attacker to steal sensitive information.

Researchers also observed a few shared characteristics with the Torii botnet that was discovered by Avast in 2018, leading them to wonder if there is some sort of connection between the two.


"From the perspective of reverse engineering, RotaJakiro and Torii share similar styles: the use of encryption algorithms to hide sensitive resources, the implementation of a rather old-school style of persistence, structured network traffic, etc. We don’t exactly know the answer, but it seems that RotaJakiro and Torii have some connections," the researchers said.

Whatever the intent, with this discovery its days of hiding in plain sight are over. At least four AV engines at VirusTotal now detect the malware, and we imagine it won't be long before dozens of others catch up.

Paul Lilly
