The number of attacks on computers is increasing almost exponentially these days. The latest one to make news is the Rex Linux Trojan. This “Swiss knife” of a malicious program is a piece of work capable of running DDoS attacks, hold the infected computer for ransom (ransomware) and even mine Bitcoin without the user’s knowledge. Built on Google’s Go platform, the Trojan was first identified by cyber security firms three months ago. The earlier version of Rex Linux Trojan was much weaker and it was found targeting Drupal websites. Security experts were able to defeat the ransomware easily. However, Rex Linux Trojan as evolved since then to become a considerable threat. According to reports , the malware uses peer to peer communication network and has 5 major parts and it is capable of attacking more than just CMS platforms like Drupal. The different parts of Rex Linux Trojan include an attack vector, Bitcoin mining capability, Command and Control Communication, ransomware and DDoS attack. The malware is delivered by bots scanning the internet for vulnerable websites. It is found to take advantage of multiple well-known security vulnerabilities of the platforms. Rex Linux Trojan makes use of CVE-2014-3704 Drupalgeddon vulnerability for infecting Drupal based web platforms. Similarly, Magento based websites are targeted using Shoplift RCE bugs. Many plugins on WordPress are found to be vulnerable to Rex Linux Trojan. Some of the compromised plugins include WooCommerce, Robo Gallery, Rev Slider, WP-Squirrel, Site Import, Brandfolder, Issuu Panel and Gwolle Guestbook. Once infected, the ransomware scans the database using “RansomScanner” to retrieve the administrator’s email address. Upon retrieving the contact information, Rex Linux Trojan sends an email demanding a Bitcoin ransom to be paid in order to prevent the site from coming under a DDoS attack. The cryptocurrency mining portion of the ransomware […]
