
SpeakUp Backdoor

Posted: April 12, 2019

The SpeakUp Backdoor is a backdoor Trojan that uses software vulnerabilities and brute-forcing to spread and compromise Linux and macOS devices. Although its features are flexible enough to support other payloads, its threat actors are currently limiting its usage to running XMRig, a cryptocurrency miner. Unsafe mining activities can damage hardware and harm performance, and users should respond to infections by having a high-quality anti-malware tool uninstall the SpeakUp Backdoor and XMRig to prevent damage to their systems.

Speaking Up about Trojans Cashing in On PHP Vulnerabilities

The SpeakUp Backdoor campaign is rising fast, with an extreme spike in infections as of late January 2019 after a previous year of relatively small-scale activity. This change likely says less about new features or updates for the SpeakUp Backdoor than about its threat actors' increasing interest in fully leveraging the tools that were always available to them. This threat is successfully converting both Linux servers and macOS machines into what are tantamount to mining slaves.

The SpeakUp Backdoor abuses a publicly known PHP code-execution vulnerability, CVE-2018-20062, to infect half a dozen versions of Linux, along with Apple's OS. Although its current infection vectors are targeting India, the rest of Asia, and South America most effectively, the same strategy applies just as well to more than nine out of ten of the top million US domains. Abusing this vulnerability gives the SpeakUp Backdoor its initial access, which it can supplement by using brute-force attacks and various software exploits against the rest of a compromised network.

Concerningly, most security solutions don't identify the SpeakUp Backdoor, which is using unknown means of evading current threat detection. It's capable of downloading and running other files arbitrarily, according to the C&C commands its admins give it. However, malware researchers have only seen the SpeakUp Backdoor attacks using their positions for running XMRig, a very well-known cryptocurrency-generating program that gets recycled for campaigns like those of CookieMiner, SmokeLoader, and the BlackRuby Ransomware.

Quieting an Increasingly Loud Trojan

The SpeakUp Backdoor's spread throughout much of the world succeeds through two simple factors: users not updating their software and making bad choices for their logins. The majority of software vulnerabilities that Trojans like the SpeakUp Backdoor exploit are entirely fixable by installing appropriate patches for your server's software, and most brute-force attacks are incapable of succeeding against reasonably strong password and username selections. Malware researchers have yet to track any other propagation techniques to the SpeakUp Backdoor, despite the undeniability of its success.

The SpeakUp Backdoor's payload conveys all the risks of a backdoor Trojan – which gives attackers access to your system – and a Trojan downloader that can download and run corrupted files, including the installers for new threats. Even if it never adds new utilities to its kit, its mining activities, with an inappropriate or careless configuration, could burn out hardware or cause significant system instability. Removing a SpeakUp Backdoor installation through appropriate anti-malware software should be the reaction of any user who fails at preventing the infection through the previous recommendations.

The SpeakUp Backdoor's activity is noisy to the cyber-security industry, but the average server admin may not see this work as it's happening. Good security standards are even better than good eyesight for spotting, or better yet, preventing Trojan attacks.
