Rex Linux Trojan Can Launch DDoS Attacks, Block Websites and Earn Cryptocurrency

Linux is known as secured operating systems; however things are changing because cyber criminals are preparing themselves with latest tools. This is the reason recently; researchers of Doctor Web discovered the Linux Trojan, which can turn the infected Linux device as well as websites into P2P botnets.

Normally, malware is aimed to infect the devices in trying to steal personal and financial data; however "Linux.Rex.1" malware can perform the DDoS attacks from infected device, send the malicious messages, as well as distribute itself to the others networks.

The present version of malware is still written in the Go, and it has much more abilities than it had in May. Moreover, the criminals who are behind the malware are using it for threatening other webmasters with the DDoS attacks, unless the ransom payment was paid in Bitcoin.

As the device gets infected, malware sets it up as bot and then takes instruction of unidentified cybercriminals by using the C&C (Command And Control) servers. After that, the malware distributes itself into other networks by using same infected device because of which it was labeled by Dr. Web as P2P (Peer-to-Peer) botnet.

Hackread.com posted on August 21st, 2016, stating that the botnet is a private computers network that is infected with the malicious software and is controlled as group without the knowledge of the owner, e.g. for sending spam.

Additionally, Linux.Rex.1 further contains a special module within, enabling it to run scans on infected network for the websites which are based on Magento, JetSpeed, Drupal, as well as WordPress CMS. Dr. Web further observed that websites based on Drupal are particular target for this malware because it has capability to perform the vulnerability scan and hacking websites by using SQL injection. Once hacked, malware makes a replica of the website and then distributes itself on additional networks.

As of today, versatile Rex Linux trojan is extremely profitable malware version, permitting criminals in earning money through Bitcoin mining, renting the DDoS attacks, DDoS extortion, spam distribution, as well as website defacements (in case that weak Drupal ransomware actually fools anybody, which we doubt).

For detection, it looks that the antivirus engines of VirusTotal do not recognize trojan as threat.

» SPAMfighter News - 8/24/2016