A backdoor trojan dubbed "SpeakUp" is a new threat that has been targeting Linux servers. CVE-2018-20062 was the initial infection vector that targeted a remote code execution vulnerability. It has infected over 70,000 servers worldwide and is currently being used for crypto mining campaigns. The trojan is capable of infecting on-premises and cloud-based servers. While it is presently affecting Linux machines, it also has the capabilities to infect MacOS. Given its broad spectrum of capabilities, researchers are wondering what it will ultimately be used for, fearing that it may have other threat factors. One of the fears is that once the trojan has infected a host, the attacker will sell the capabilities to the highest bidder. It is recommended to consistently scan for trojans and apply patches when they are released.
Relevant URL(s): https://threatpost.com/speakup-linux-backdoor/141431/