MakuluLinux (6.4M Downloads) Ships Persistent Backdoor from Developer's Own C2
8 days ago
- #linux
- #security
- #backdoor
- MakuluLinux includes a persistent backdoor in its OS installer, connecting to a developer-controlled C2 server.
- The backdoor is disguised as a 'System Health Check' and establishes a TCP connection to 217.77.8.210:2006.
- The developer, Jacque Montague Raymer, operates the C2 server and related domains, confirming the backdoor's origin.
- Insecure practices include unsecured HTTP updates, auto-execution of scripts with sudo, and lack of code signing.
- MakuluLinux serves as a funnel for an AI-as-a-service platform, with all AI features proxied through the developer's server.
- The backdoor allows for data harvesting, including geolocation and user sessions, with all AI requests logged.
- Mitigation steps include killing the backdoor process, deleting related files, blocking C2 servers, and disabling update scripts.
- The Human Router architecture is suggested as a solution to prevent unauthorized actions in untrusted environments.
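The mitigation bullet above names the one concrete network indicator the summary gives, the C2 endpoint 217.77.8.210:2006. The following shell helper is an added example for this page, not code from the article or from the MakuluLinux project: it parses `ss -tnp` output for sockets connected to that endpoint, reports the owning PID and process name so an administrator can confirm the 'System Health Check' disguise before acting, and prints (rather than applies) an egress rule. Process names, file paths and the `ss` sample are constructed assumptions, since the page does not provide them.

```shell
#!/bin/sh
# Added example, not from the original article: a defender's triage helper for the one
# network indicator the summary provides, the C2 endpoint 217.77.8.210:2006. The page
# names no process or file paths, so nothing is killed or deleted automatically; the
# helper reports matching sockets and prints the egress rule an administrator can apply.

C2_IP="217.77.8.210"
C2_PORT="2006"

# Read `ss -tnp` output on stdin and print the PID of every process holding a TCP
# connection whose peer is the C2 endpoint (one PID per line, nothing if none).
# iproute2 `ss -tnp` columns: State Recv-Q Send-Q Local Peer Process, so the peer is
# $5 and the process field looks like users:(("name",pid=4242,fd=3)).
c2_pids_from_ss() {
    awk -v peer="$C2_IP:$C2_PORT" '
        $5 == peer && match($0, /pid=[0-9]+/) {
            print substr($0, RSTART + 4, RLENGTH - 4)
        }'
}

# Print the process name for the same matches, useful for confirming the disguise the
# article describes before killing anything.
c2_names_from_ss() {
    awk -v peer="$C2_IP:$C2_PORT" '
        $5 == peer && match($0, /\("[^"]*"/) {
            print substr($0, RSTART + 2, RLENGTH - 3)
        }'
}

# Egress rule blocking the C2 endpoint outright; printed rather than executed so the
# reviewer decides when to apply it (iptables syntax, REJECT so the client fails fast).
c2_block_rule() {
    printf 'iptables -A OUTPUT -d %s -p tcp --dport %s -j REJECT\n' "$C2_IP" "$C2_PORT"
}

# Constructed sample of `ss -tnp` output (not a real capture); the process name
# "health-check" is a placeholder for whatever the disguised binary is really called.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.1.20:52314 217.77.8.210:2006 users:(("health-check",pid=4242,fd=3))
ESTAB 0 0 192.168.1.20:44812 198.51.100.7:443 users:(("firefox",pid=1337,fd=89))'

# `--demo` runs against the constructed sample; `--live` inspects the running host.
case "${1:-}" in
    --demo)
        printf '%s\n' "$SAMPLE_SS" | c2_pids_from_ss
        printf '%s\n' "$SAMPLE_SS" | c2_names_from_ss
        c2_block_rule
        ;;
    --live)
        if command -v ss >/dev/null 2>&1; then
            ss -tnp | c2_pids_from_ss
            ss -tnp | c2_names_from_ss
        fi
        c2_block_rule
        ;;
esac
```

Run with `--demo` to see the parser pick out only the C2 connection from the constructed sample, or `--live` on a suspect host. Blocking the single IP:port pair is a stopgap that only covers the indicator the page lists; the summary's other points (HTTP updates, sudo auto-execution of scripts) are separate exposures that this rule does not address.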