Security experts at Check Point discovered a new backdoor dubbed ‘SpeakUp’ targeting Linux servers in East Asia and Latin America.
The SpeakUp backdoor leverages known vulnerabilities in six different Linux distributions and is also able to infect Mac systems. The Trojan spreads by exploiting remote code execution flaws; for the initial infection the attackers leverage a recently disclosed flaw in ThinkPHP (CVE-2018-20062).
Researchers linked the author of the SpeakUp backdoor to a malware developer who goes by the online moniker Zettabithf.
Most of the infected machines are in China, the same country where the sample analyzed by Check Point was spotted on January 14, 2019.
“The sample we analyzed was observed targeting a machine in China on January 14, 2019 and was first submitted to VirusTotal on January 9, 2019. At the time of writing this article, it has no detections in VT,” reads the analysis published by the experts.
Once it has infected the system, the backdoor connects to the command and control (C&C) server to register the machine. It gains persistence by using cron and an internal mutex, so that only one instance remains alive at all times.