A new trojan coded in Rust is targeting Linux-based platforms and adding them to a botnet controlled through an IRC channel, according to a recent discovery by Dr.Web, a Russian antivirus maker.
Initial analysis of this trojan, detected as Linux.BackDoor.Irc.16, reveals this may be only a proof-of-concept or a testing version in advance to a fully weaponized version.
Currently, the trojan only infects victims, gathers information about the local system and sends it to its C&C server.
Trojan controlled via an IRC channel
The trojan, which is coded in Rust, a programming language sponsored by the Mozilla Foundation, also integrates the “irc” Rust library by Aaron Weiss, in order to communicate via the IRC protocol to a remote IRC public channel.
At the time of writing, the channel hardcoded in the trojan’s configuration is offline.
All trojans that infect a target will automatically connect to this IRC channel and wait for commands.
The hacker in control of this IRC channel can submit a message to the channel’s public chat, and all connected bots will parse this message and execute it.
Submitted by: Arnfried Walbrecht