Linux is infected with the Phalax Trojan
The Phalax Trojan can infect and damage computers running Linux operating systems.
A Phallax The most important feature of Trojan is that it is compatible with Linux operating systems. It performs several actions that can occur with many Windows malware. After creating the files needed for it to work, it installs a rootkit component that hides your Trojan by manipulating various system calls. It then connects to a remote server and waits for attackers' commands through a backdoor. they may even take full control of infected systems.
When the Phalax Trojan starts, it performs the following actions:
- Create the following files:
/usr/share/.home.ph1/
/usr/share/.home.ph1/tty/
/usr/share/.home.ph1/cb
/etc/host.ph1/hostname
/usr/share/.home.ph1/.phalanx
/usr/share/.home.ph1/.sniff - It installs a rootkit component that helps manipulate various system calls to help hide files and processes associated with Trojans.
- Connects to a predefined remote server.
- It allows attackers to perform arbitrary actions on infected systems.
