Malware

New Linux malware ‘Showboat’ targets Middle East telecom provider

Privacy concept: pixelated words Malware on digital background, 3d render

As detailed in The Hacker News, a new Linux malware named Showboat has been identified by Lumen Technologies Black Lotus Labs, actively targeting a telecommunications provider in the Middle East since mid-2022. This sophisticated post-exploitation framework is designed for Linux systems and offers capabilities such as remote shell access, file transfer, and SOCKS5 proxy functionality.

Showboat is believed to be utilized by Chinese-affiliated threat actors, with command-and-control infrastructure linked to Chengdu, China. This aligns with the observed "resource pooling" strategy employed by Chinese state-sponsored groups, who leverage shared frameworks like PlugX and ShadowPad. The malware, also tracked as EvaRAT by Kaspersky, operates by contacting a C2 server, collecting system information, and transmitting it encrypted. It can upload and download files, conceal its processes, and manage C2 servers.

To maintain stealth, Showboat retrieves code from Pastebin. The malware's SOCKS5 proxy feature allows attackers to access internal network devices not directly exposed to the internet. Investigations have uncovered victims including an ISP in Afghanistan, an entity in Azerbaijan, and potential compromises in the U.S. and Ukraine. The presence of Showboat serves as an early warning for broader security risks within affected networks.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds