

Posted: August 14, 2020

The Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have released a report on a new malware type whose usage and development have been attributed to a Russian cybercrime organization tracked as APT28. The new malware implant is called Drovorub. It is believed to be involved in sophisticated attacks against Linux-based systems: the malware can infiltrate the compromised host silently and then collect information or execute remote commands that enable the attacker to take full control of the infected system.

Sofacy's Drovorub Malware May Have Targeted US Government Departments

APT28, also known as Fancy Bear or Sofacy, has been active in the cybercrime field for over a decade, and its activity is believed to be backed by the GRU, Russia's Main Intelligence Directorate. Almost always, APT28's campaigns benefit the Russian government in some way, and the Drovorub campaign is no different. However, the FBI and NSA report did not include details about the organizations that Drovorub targets, nor did it mention anything regarding the malware's activity period.

What the report did mention, however, is the features found in Drovorub. The first and most meaningful thing to mention about this malware is that it is able to compromise Linux systems, which in itself makes it a very advanced and sophisticated project. Not only is it able to infect Linux devices, but it can also gain escalated permissions that allow it to execute a wide range of tasks such as:

  • Communicate with the remote C2 (Command-and-Control) server.
  • Receive commands to execute, and then return the output to the attacker's server.
  • Manipulate network traffic.
  • Spy on network traffic.
  • Avoid automatic detection tools.
  • Download and upload files.

According to the FBI and NSA's joint report, Drovorub is likely to threaten networks related to the Defense Industrial Base, Department of Defense and National Security Systems. Needless to say, this is a major security concern, and the likely targets should adopt the necessary mitigation measures to protect their networks.
