Researchers at Russian antivirus and security firm Dr.Web discovered malware that targets Linux systems and can download files from infected computers' command and control server.
The malware, a Trojan file that researchers dubbed Rekoobe, was originally created to only infect Linux SPARC architectures. The malware has been retooled to enable Rekoobe to target Linux PCs running on Intel chips using 32-bit and 64-bit architecture.
The malware uses a configuration file encrypted through the XOR algorithm to make it difficult for security firms to detect Rekoobe. According to a blog post on the Dr. Web website, “Once the file is read, the Trojan periodically refers to the C&C server to receive commands.”
The malware then extracts authorization data from the infected computer's configuration files. The sent and received information is split into a separate block, which is then encrypted and sent using its own signature.” The Rekoobe malware has been ported on Android, Mac OS X and Windows operating systems.