RotaJakiro remained secret for years
RotaJakiro is a backdoor that infects Linux systems. It has been infecting machines since 2018, but only became known in April 2021, when 360 Netlab announced its discovery (RotaJakiro: A long live secret backdoor with 0 VT detection).
According to Netlab, RotaJakiro disguises itself by dynamically encrypting and compressing its resources and traffic. This must have helped the malware stay unnoticed by antivirus vendors for so long. No scanners on Virustotal.com detected RotaJakiro samples back when users submitted them in 2018 and in 2020.
Those days are over as RotaJakiro now gets flagged as “Trojan.Linux.Backdoor”, “Linux.Backdoor.Rotajakiro”, and by similar labels (Virustotal.com).
Potentially dangerous, but still a mystery
Netlab was not able to observe RotaJakiro execute its features, although it saw that the malware had twelve different functions for spying on the infected machine and executing instructions.
RotaJakiro exemplifies a backdoor – a malicious program that allows actors to access the infected computer and perform actions on it. To condense RotaJakiro’s twelve features, it can:
- Upload device information, data, and files to C2.
- Download and run files, scripts, and executables.
This could allow malicious actors behind RotaJakiro to take control over the infected computers.
Netlab noted that RotaJakiro has similarities to the Torii botnet (New, more sophisticated IoT botnet targets a wide range of devices).
Frustratingly, RotaJakiro is still a mystery. What does it do exactly? How does it infect computers? How widespread is it? Is it harmless like the SilverSparrow trojan? Or is this just the tip of the iceberg? Netlab themselves admitted that a lot of important details about this trojan are still unknown.
Hopefully, now that RotaJakiro has been exposed, more information about it will emerge. For now, antivirus vendors have made sure to detect RotaJakiro and will be on the lookout for this mysterious malware.