RotaJakiro Trojan Targets Linux Systems

The RotaJakiro Trojan is a piece of Linux malware whose creators have paid extra attention to making their payload as difficult to analyze as possible. While many malware developers concentrate on malicious features, the ones behind the RotaJakiro Trojan have opted to heavily encrypt the payload, its plugins, and the communication between the implant and the command-and-control server. This has turned the RotaJakiro Trojan into a complicated puzzle that cybersecurity researchers have yet to fully decipher.

The first samples of this Trojan date back to 2018, but it is still in active use today. The exact infection vector the attackers use is not clear: they might be planting it on already compromised networks, or they might be using social-engineering techniques to get computer operators to execute the malicious file. Once launched, the RotaJakiro Trojan implant checks whether it has administrative privileges; depending on the outcome, it chooses one of two execution policies.

So far, researchers have uncovered the RotaJakiro Trojan's ability to make use of its modular structure, as well as to steal files and sensitive data from the compromised device. However, some of its plugins are still relatively unknown, and their capabilities remain a mystery.

Samples of the RotaJakiro Trojan recovered from infected machines used process names such as 'systemd-daemon' and 'gvfsd-helper' to blend in with legitimate system components. Linux malware campaigns have been steadily rising over the past couple of years, and users of this operating system should not ignore the importance of following security best practices and investing in reliable antivirus software.
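Process names that imitate system daemons are only convincing until someone compares the name with where the executable actually lives. The following Python script is an added example for defenders, not code from the article or from the researchers it cites: it flags processes whose name starts with a system-component prefix (the 'systemd-' and 'gvfsd' families the RotaJakiro samples imitated) but whose executable runs from outside the directories where such binaries normally reside. The list of trusted directories is an assumption for this example and should be adjusted per distribution; the process-listing lines in `SAMPLE_PS` are constructed for the demonstration, and `snapshot_live_processes()` reads the same fields from `/proc` on a real host.

```python
import os
from dataclasses import dataclass
from typing import List

# Directories from which legitimate systemd and GVFS binaries run on typical
# Linux distributions. Assumption for this example; adjust for your distro.
TRUSTED_BINARY_DIRS = (
    "/usr/lib/systemd/",
    "/lib/systemd/",
    "/usr/libexec/",
    "/usr/lib/gvfs/",
    "/usr/bin/",
    "/usr/sbin/",
    "/bin/",
    "/sbin/",
)

# Name prefixes of real system components that the RotaJakiro samples imitated
# ('systemd-daemon', 'gvfsd-helper').
SYSTEM_NAME_PREFIXES = ("systemd-", "gvfsd")


@dataclass
class Proc:
    pid: int
    comm: str   # kernel process name (/proc/<pid>/comm, truncated to 15 chars)
    exe: str    # resolved executable path (/proc/<pid>/exe)


def parse_proc_lines(text: str) -> List[Proc]:
    """Parse lines of the form '<pid> <comm> <exe path>' (constructed format)."""
    procs = []
    for line in text.strip().splitlines():
        pid, comm, exe = line.split(maxsplit=2)
        procs.append(Proc(int(pid), comm, exe))
    return procs


def is_suspicious(proc: Proc) -> bool:
    """A system-looking name backed by a binary outside the trusted directories,
    or by a binary that was deleted after launch, is worth a closer look."""
    if not proc.comm.startswith(SYSTEM_NAME_PREFIXES):
        return False
    if proc.exe.endswith(" (deleted)"):
        # The kernel appends this when the on-disk file is gone; a daemon that
        # removed its own binary is a classic persistence-hiding sign.
        return True
    return not proc.exe.startswith(TRUSTED_BINARY_DIRS)


def find_masquerading(procs: List[Proc]) -> List[Proc]:
    return [p for p in procs if is_suspicious(p)]


def snapshot_live_processes() -> List[Proc]:
    """Read comm and exe for every visible PID; unreadable entries are skipped
    (reading /proc/<pid>/exe of another user's process needs root)."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                comm = fh.read().strip()
            exe = os.readlink(f"/proc/{entry}/exe")
        except OSError:
            continue
        procs.append(Proc(int(entry), comm, exe))
    return procs


# Constructed sample listing. Note that the kernel's 15-character comm limit
# turns 'systemd-journald' into 'systemd-journal', which is why the check keys
# on the executable path rather than on an exact name match.
SAMPLE_PS = """
1    systemd          /usr/lib/systemd/systemd
812  gvfsd            /usr/libexec/gvfsd
1337 systemd-daemon   /home/user/.local/share/systemd-daemon
1402 gvfsd-helper     /tmp/.x/gvfsd-helper (deleted)
1500 systemd-journal  /usr/lib/systemd/systemd-journald
"""

if __name__ == "__main__":
    for p in find_masquerading(parse_proc_lines(SAMPLE_PS)):
        print(f"suspicious: pid={p.pid} comm={p.comm} exe={p.exe}")
```

Running the script against the constructed listing reports only pids 1337 and 1402; the genuine `systemd`, `gvfsd` and truncated `systemd-journal` entries pass because their executables sit under trusted directories. On a live system, replace the sample with `snapshot_live_processes()` and run as root so every `/proc/<pid>/exe` link is readable; a hit is a lead for further triage, not proof of infection.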

April 29, 2021