From the ARRL Letter on 2/7/19

A new backdoor Trojan targeting Linux-based operating systems, dubbed “SpeakUp,” is on the loose, although so far it does not appear to have propagated to North America or Europe. Check Point Research recently reported the discovery and said SpeakUp exploits known vulnerabilities in six separate Linux distributions and is able to evade detection by all security vendors. Some radio amateurs use various forms of Linux, including the popular Ubuntu software, which includes ham radio apps.

Tux the Penguin, the Linux mascot. [©1997 by Andreas Dilger, used by permission]

“The attack is gaining momentum and targeting servers in East Asia and Latin America, including AWS [Amazon Web Services]-hosted machines,” the Check Point Research article said. “SpeakUp acts to propagate internally within the infected subnet, and beyond to new IP ranges, exploiting remote code execution vulnerabilities. In addition, SpeakUp presented ability to infect Mac devices with the undetected backdoor.”

Check Point Research said that once the Trojan successfully registers a victim, it receives commands to manipulate the machine into downloading and executing various files, and that SpeakUp serves XMRig cryptocurrency miners to the infected servers listening for its commands.

“SpeakUp’s obfuscated payloads and propagation technique is beyond any doubt the work of a bigger threat in the making,” Check Point Research concluded.

Linux is a family of free, open-source operating systems based on the Linux kernel first released in 1991 by Linus Torvalds.

New Campaign Exploiting Linux Servers to Insert Backdoor “SpeakUp” Trojan