Security researchers have discovered a crafty piece of malware written for Linux, but finding it after three years in the wild is just "the tip of the iceberg," they say. Its purpose remains a mystery.
At least it now has an identity. Researchers at Qihoo 360 Netlab (via Bleeping Computer) are calling it RotaJakiro, named after a mashing of its characteristics—it uses rotating encryption keys, and is a two-headed beast of sorts, in that it executes different code for root and non-root accounts.
"The real work is far from over, and many questions remain unanswered: How did RotaJakiro spread, and what was its purpose? Does RotaJakiro have a specific target? We would love to know if the community has relevant leads," the security team stated in a blog post.
What the researchers do know is that RotaJakiro supports a dozen functions. Three of them are related to plugins, but for what purpose is not yet clear. It is capable of creating a backdoor into infected 64-bit Linux machines, which in theory could allow an attacker to steal sensitive information.
Best gaming PC: the top pre-built machines from the pros
Best gaming laptop: perfect notebooks for mobile gaming
"From the perspective of reverse engineering, RotaJakiro and Torii share similar styles: the use of encryption algorithms to hide sensitive resources, the implementation of a rather old-school style of persistence, structured network traffic, etc. We don’t exactly know the answer, but it seems that RotaJakiro and Torii have some connections," the researchers said.
Whatever the intent, its days of hiding in plain sight are over, with this discovery. At least four AV engines at VirusTotal now detect the malware, and we imagine it won't be long before dozens of others catch up.
