Security on Linux-based devices is a myth. Botnets like Mirai that are capable of infecting Linux-based IoT devices are rapidly increasing. They are mainly designed to perform Distributed Denial of Service (DDoS) attacks, but security researchers have recently discovered that cyber criminals are also using these botnets to send mass spam emails.
Back in February this year, the security research firm Doctor Web discovered a Linux Trojan, Linux.ProxyM. The Trojan runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots in order to hide from malware researchers. It can operate on almost all Linux devices, including routers, set-top boxes, and other equipment with the following architectures: x86, MIPS, PowerPC, MIPSEL, ARM, Motorola 68000, SuperH and SPARC.
New research by the Russian security firm Doctor Web has revealed that cybercriminals are using the same Linux Trojan, Linux.ProxyM, to ensure their online anonymity, and that it has recently been updated to add mass spam email sending capabilities.
According to the Russian security firm, each infected device sends out an average of 400 such emails per day. Although the total number of infected devices is unknown, Doctor Web analysts believe that the majority of infected devices are located in Brazil and the US, followed by Russia, India, Mexico, Italy, Turkey, Poland, France and Argentina.
"We can presume that the range of functions implemented by Linux Trojans will be expanded in the future," said a researcher from Doctor Web. "The Internet of things has long been a focal point for cybercriminals. The wide distribution of malicious Linux programs capable of infecting devices possessing various hardware architectures serves as proof of that."