Linux Trojan may have spied on govts, military and pharma firms in 45 countries

9 Dec 2014

A Linux Trojan, linked to the Turla threat discovered in August, is believed to have spied on government institutions, military bodies, educational and research bodies and pharmaceutical firms in 45 countries.

Earlier this year, researchers discovered that a sophisticated piece of spyware had been infecting hundreds of government computers across the US and Europe.

Researchers believed that the malware, known as Turla, is the work of the Russian government and linked to the same software that was used to launch a massive breach on the US military in 2008.

Researchers at Moscow-based Kaspersky Lab have described Turla as one of the most complex advanced persistent threats (APTs) in the world.

“So far, every single Turla sample we’ve encountered was designed for the Microsoft Windows family, 32 and 64-bit operating systems,” wrote Kurt Baumgartner and Costin Raiu in the Kasperksy Lab Securelist blog.

“The newly discovered Turla sample is unusual in the fact that it’s the first Turla sample targeting the Linux operating system that we have discovered.”

It is believed the malware sat unnoticed on government computers for years but all the while had been able to intercept traffic and run commands on infected machines, communicate with servers, and perform remote management functions.

“The Linux Turla module is a C/C++ executable statically linked against multiple libraries, greatly increasing its file size,” said Kaspersky.

“It was stripped of symbol information, more likely intended to increase analysis effort than to decrease file size. Its functionality includes hidden network communications, arbitrary remote command execution, and remote management. Much of its code is based on public sources.”

Spyware image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years