A new backdoor Linux-based operating system trojan dubbed “SpeakUp” is on the loose, although so far it does not appear to have propagated to North America or Europe. Research team Check Point Research recently reported the discovery and said SpeakUp exploits known vulnerabilities in six separate Linux distributions and is able to evade all security vendors. A community of radio amateurs use various forms of Linux, including the popular Ubuntu software, which includes ham radio apps. Check Point Research said the attack is targeting worldwide servers.
“The attack is gaining momentum and targeting servers in East Asia and Latin America, including AWS [Amazon Web Services]-hosted machines,” the Check Point Research article said. “SpeakUp acts to propagate internally within the infected subnet, and beyond to new IP ranges, exploiting remote code execution vulnerabilities. In addition, SpeakUp presented ability to infect Mac devices with the undetected backdoor.” The origin of the malware appears to be in East Asia, although its developer may be Russian.
Check Point Research said the sample it analyzed had targeted a machine in China on January 14. Once the software successfully registers a victim, it receives commands to manipulate the machine to download and execute various files. Check Point Research said SpeakUp serves XMRig cryptocurrency miners listening to infected servers.