As detailed in The Hacker News, a new Linux malware named Showboat has been identified by Lumen Technologies Black Lotus Labs, actively targeting a telecommunications provider in the Middle East since mid-2022. This sophisticated post-exploitation framework is designed for Linux systems and offers capabilities such as remote shell access, file transfer, and SOCKS5 proxy functionality.Showboat is believed to be utilized by Chinese-affiliated threat actors, with command-and-control infrastructure linked to Chengdu, China. This aligns with the observed "resource pooling" strategy employed by Chinese state-sponsored groups, who leverage shared frameworks like PlugX and ShadowPad. The malware, also tracked as EvaRAT by Kaspersky, operates by contacting a C2 server, collecting system information, and transmitting it encrypted. It can upload and download files, conceal its processes, and manage C2 servers.To maintain stealth, Showboat retrieves code from Pastebin. The malware's SOCKS5 proxy feature allows attackers to access internal network devices not directly exposed to the internet. Investigations have uncovered victims including an ISP in Afghanistan, an entity in Azerbaijan, and potential compromises in the U.S. and Ukraine. The presence of Showboat serves as an early warning for broader security risks within affected networks.Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



