Sophisticated Linux Trojan Self-Deletes to Elude Detection

October 25, 2016 | By admin
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, 5.00 / 5

A new Linux trojan exploits weak security in Internet of Things (IoT) devices to infect those devices and allow them to be utilized as part of a Bot network. The trojan has been named ELF Linux/NyaDrop. This trojan specifically targets the MIPS CPU architecture in Linux IoT devices.

linux trojan


Recently security blogger Brian Krebs’ website – – had faced a “historically large distributed denial-of-service (DDoS) attack”. The malware used for the attack has been named as “Mirai”. This malware scans IoT devices connected to the internet to find out if they have the default authentication password. It has been seen as a trend that the default passwords are not being changed in many devices. This showcases the lack of importance given for changing the default passwords of devices. Many different types of IoT devices with 32bit clock MIPS CPU architecture were compromised – routers, digital video recorders, security cameras, and printers.

While the default password can be changed in most devices, there are some devices that have the passwords hardcoded into them. This is the scant regard for security that the device manufacturers had, or it could be intentional too… That is yet to be seen…
Some of these devices are very popular and used worldwide.

How the Attack Happens

The Linux/NyaDrop exploits password vulnerability in IoT devices and infects them with malware. It is a brute force attack that penetrates the devices. The Linux/NyaDrop is a Trojan backdoor and dropper. It opens a backdoor to remotely connect to a host that sends malicious files to the infected machine. This code is then executed and the device becomes part of the bot net.

Every time the NyaDrop attempts and logs into the MIPS system it deletes itself. The malware also gets updated. This unique process prevents detection by most antivirus solutions.

The NyaDrop had got detected as early as in May 2016, however it was not as potent as it is now. An improved version of the NyaDrop was used in the Mirai botnet attack on the krebsonsecurity website, which showcased the awesome power it had. The public release of source code of the Mirai botnet revealed the Trojan NyaDrop.

Preventive Measures

  • Install a robust antivirus for Linux
  • The antivirus must employ real-time cloud based scanning to analyze the processes and block malicious processes
  • Hardware vendors must make it mandatory for users to change the default passwords
  • A strong password policy must be specified for formation of passwords of IoT devices

comodo antivirus

comodo antivirus

Related Resources:


Spread the love

Add new comment

Your name

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comodo Complete Antivirus Icon
The World's Only Complete Antivirus for $29.99/yr

Protect Your PC Against All Threats with Enterprise-Grade Technology for Home.

Got more than 1 PC? Get 3 Licenses for $39.99