Published February 14, 2019
While the average user may think that the operating system choices only go as far as "PC or Mac", the truth is that many more systems run behind the scenes of our digital infrastructure. Linux is one such system, used by hobbyists, computer enthusiasts, and businesses to run all kinds of servers and back-end systems. It goes without saying that there is also malicious software for Linux, even if it is less common than on most platforms. According to a story making the rounds on ZDNet and BleepingComputer, a virulent new form of Linux malware is taking root worldwide, and it also works on macOS.
Researchers call it "SpeakUp", and it was first discovered only weeks ago in mid-January. After analyzing how it works, security researchers found it to be both sophisticated and powerful. It exploits a security vulnerability in ThinkPHP, a Chinese server-side PHP framework. The vulnerability has existed since at least December, but SpeakUp is perhaps the most potent malware to exploit it. Using the vulnerability, SpeakUp primarily infects Linux servers, after which it initiates a rapid sequence of actions.
First, it calls home to its command and control server for instructions. It receives its instructions and its malicious payload while carefully encrypting the traffic, making it harder to trace where the instructions come from. Meanwhile, SpeakUp uses a dedicated Python script to scan the server's local network for other devices it can infect; if it finds targets, it spreads to them and repeats the process.
SpeakUp is built to run on six different Linux distributions and on macOS, a surprisingly wide range. Researchers noted that the first infections were concentrated in China, but infections have since spread across the Asia-Pacific region and to South America.
What is all this work for in the end? Money, of course. So far SpeakUp has not engaged in espionage or theft; instead it deploys Monero cryptocurrency miners to generate funds for the attackers. That doesn't mean mining is all it can do, though: SpeakUp is not only persistent on its infected hosts, but it can also fetch new payloads from its operators at any time.
For average Mac users, this is not likely to be a threat yet, but it is malware worth watching carefully. Although it is not known to have infected US-based machines, its recent spread means that spikes in the number of infections could happen at any time. Still, the impact should remain limited, as many US systems are unlikely to use a Chinese PHP framework. For now, the researchers are keeping a close eye on it.