Security researchers have discovered a crafty piece of malware written for Linux, but finding it after three years in the wild is just “the tip of the iceberg,” they say. Its purpose remains a mystery.
At least it now has an identity. Researchers at Qihoo 360 Netlab (via Bleeping Computer) are calling it RotaJakiro, named after a mashing of its characteristics—it uses rotating encryption keys, and is a two-headed beast of sorts, in that it executes different code for root and non-root accounts.
Staying hidden for so long is a result of RotaJakiro employing a combination of ZLIB compression and several different encryption algorithms. Dating back to 2018, at least four RotaJakiro samples have been uploaded to VirusTotal, a website that scans files with over 60 antivirus engines. The most recent upload occurred in January of this year.