Linux variant of Turla malware has gone undetected for years
Security firm Kaspersky Labs has found advanced malware for the Linux operating system that appears to be part of the infamous Turla malware. This malicious software is believed to be used for espionage purposes and has gone undetected for years.
The Turla component for Linux, according to Kaspersky, is a module written in C/C++. The malware is said to be well hidden and invisible to admin tools such as Netstat, for example. Also, the malware does not use Linux components that require root access. The malicious software only becomes active when it receives a special package from a command&control server. The malware can then execute commands from the attacker unnoticed.
While it is not entirely clear who is behind the malware, Kaspersky states that the malware is part of the Turla malware family. Until now, it was only found on Windows systems. Turla is said to contain features that indicate Russian origin and the malware is so advanced that a government must be behind the development of the malware, but the Russian security company will not name a specific country.
In March this year, Symantec announced that the Turla malware is believed to have infected 1,000 computer networks in Europe, the Middle East and the United States, including systems of European secret services. Turla was probably used for espionage purposes and would have gone undetected for at least four years.