Dr. Web researchers spotted a Linux trojan, dubbed Linux.Proxy.10 that has been used to infect thousands of Linux devices.
The trojan infiltrates computers and devices that etiher have standard settings or are already infected by a Linux malware and is distributed by the threat actor logging into the vulnerable devices via the SSH protocol, according to a Jan. 24 blog post.
Researchers said the malware is designed to run a SOCKS5 proxy server on the infected device on the basis of the freeware source code of the Satanic Socks Serve, contains BackDoor.Teamviewer spyware, and allows the cybercriminals to remain anonymous online.
To prevent infection, Linux admins are instructed to ensure to remotely scan their devices on a daily basis, change security settings from standard to advance, monitor new logins, encrypt data communication, use Linux security extensions, lock user accounts after login failures, disable root login, and configure logging and auditing to collect all hacking attempts.