Linux Shishiga malware, a threat in dangerous evolution

Malware researchers from security firm ESET have discovered a new Linux threat dubbed Shishiga malware targeting systems in the wild.

Malware researchers from ESET have discovered a new Linux malware dubbed Linux/Shishiga targeting systems in the wild.

The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) implements a modular architecture by using Lua scripts.

“Among all the Linux samples that we receive every day, we noticed one sample detected only by Dr.Web – their detection name was Linux.LuaBot. We deemed this to be suspicious as our detection rates for the Luabot family have generally been high. Upon analysis, it turned out that this was, indeed, a bot written in Lua, but it represents a new family, and is not related to previously seen Luabot malware. Thus, we’ve given it a new name: Linux/Shishiga. It uses 4 different protocols (SSH – Telnet – HTTP – BitTorrent) and Lua scripts for modularity.” reads the analysis published by security firm ESET.

The spreading mechanism behind the Shishiga malware leverage on brute-force attack, the malicious code in fact

Shishiga malware relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through brute-force attacks. The malware uses a built-in password list in the attempt to hack a system.

Despite Shishiga has many similarities with other recent malware in abusing weak Telnet and SSH credentials, researchers consider it more sophisticated due to the usage of the BitTorrent protocol and Lua modules.

“At a first glance, Linux/Shishiga might appear to be like the others, spreading through weak Telnet and SSH credentials, but the usage of the BitTorrent protocol and Lua modules separates it from the herd. BitTorrent used in a Mirai-inspired worm, Hajime, was observed last year and we can only speculate that it might become more popular in the future.” states ESET.

According to the experts, the Shishiga malware is a working progress, at the time of the ESET’s investigation it infected just a small number of Linux machines, the researchers also observed continuous addition, removal, and modification of the components along with code comments and debug information.

It’s possible that Shishiga could still evolve and become more widespread but the low number of victims, constant adding, removing, and modifying of the components, code comments and even debug information, clearly indicate that it’s a work in progress. To prevent your devices from being infected by Shishiga and similar worms, you should not use default Telnet and SSH credentials.

ESET is warning of a possible evolution of the Shishiga malware, in order “to prevent your devices from being infected by Shishiga and similar worms, you should not use default Telnet and SSH credentials.”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase