VMTech

Showboat: Linux Backdoor with SOCKS5 Targets Middle Eastern Telecom


Colleagues — a heads-up for the infosec community: we identified Showboat, a modular Linux backdoor with SOCKS5, used against a telecom provider since 2022.

- Lumen/Black Lotus Labs: remote shell, file transfer, SOCKS5; Kaspersky tags it as EvaRAT.
- C2 links point to clusters tied to China (IPs in Chengdu); exfiltrated data embedded in PNGs (Base64); payload fetched from Pastebin (Jan 2022).
- Victims: Afghanistan, Azerbaijan; similar infrastructure tied to compromises in the US and Ukraine.

Recommendations: monitor outbound connections, audit ELF binaries, and segment networks.
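One way to start on the first recommendation is a socket-table audit. This is an added example, not code from the post or from the cited vendors. It parses `/proc/net/tcp` text and flags listeners outside an approved set and outbound connections leaving the internal range. The sample table, the `10.0.0.0/8` internal range and the approved port list are constructed assumptions.

```python
import ipaddress
import socket
import struct

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site's internal range
EXPECTED_LISTEN = {22}                                 # assumption: approved listening ports

# Constructed sample in /proc/net/tcp format (IPv4 only; not from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0438 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:D431 0500000A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0A00000A:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A00000A:0438 1400000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def decode(endpoint):
    """'0A7100CB:01BB' -> ('203.0.113.10', 443). The address is little-endian hex."""
    addr_hex, port_hex = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def audit(table):
    rows = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10:
            rows.append((decode(f[1]), decode(f[2]), f[3], int(f[7])))
    listening = {local[1] for local, _, state, _ in rows if state == "0A"}
    findings = []
    for (lip, lport), (rip, rport), state, uid in rows:
        if state == "0A" and lport not in EXPECTED_LISTEN:
            findings.append(("unexpected-listener", f"{lip}:{lport}", uid))
        elif state == "01" and lport not in listening:
            # Local port is not one of our listeners, so this host dialled out.
            remote = ipaddress.ip_address(rip)
            if not any(remote in net for net in INTERNAL_NETS):
                findings.append(("external-outbound",
                                 f"{lip}:{lport} -> {rip}:{rport}", uid))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE` and resolve the inode column to a process through `/proc/<pid>/fd`; `/proc/net/tcp6` uses a different address encoding and is not handled here.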

Why it matters: Showboat provides persistent access and intra‑LAN proxying.

What measures are you taking against such implants?

#cybersecurity #Linux #threatintel #incidentresponse
