VulnHub

Real-time Cybersecurity News

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News
Actively Exploited
LinuxMalwareCritical

Overview

Researchers have identified a new piece of Linux malware called Showboat, which has been targeting a telecommunications provider in the Middle East since at least mid-2022. This malware acts as a modular framework that allows attackers to gain remote access to systems, transfer files, and create a SOCKS5 proxy for further exploitation. The use of such a backdoor poses significant risks to the telecommunications infrastructure, potentially compromising sensitive data and disrupting services. As the attack has been ongoing for over a year, it raises concerns about the security measures in place within the affected organization and signals a growing trend of targeted attacks on critical sectors. Companies in similar industries should be vigilant and enhance their security protocols to protect against such sophisticated threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Linux systems used by telecommunications providers
  • Action Required: Implement enhanced security measures, conduct regular system audits, and monitor for unusual network activity.
  • Timeline: Ongoing since mid-2022

Original Article Summary

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5 proxy," Lumen

Impact

Linux systems used by telecommunications providers

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since mid-2022

Remediation

Implement enhanced security measures, conduct regular system audits, and monitor for unusual network activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Malware, Critical.

Read Original Article

Related Coverage

Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks

darkreading

Recent reports indicate that Chinese advanced persistent threat (APT) groups are using a Linux backdoor called 'Showboat' to target telecommunications providers in Central Asia. This backdoor has been linked to espionage activities aimed at intercepting communications from smaller markets. The attacks raise concerns about the security of telecom infrastructure in the region, as they highlight how vulnerable these systems can be to state-sponsored hacking. The use of such sophisticated malware suggests that these APTs are not only looking to gather intelligence but also to potentially disrupt communications. As these attacks unfold, the implications for privacy and security in the telecommunications sector are significant, particularly for users relying on these services.

May 21, 2026

Content Delivery Exploit Opens Websites to Brand Hijacking

darkreading

A newly identified attack method, known as the Underminr domain-fronting attack, allows cybercriminals to manipulate web requests and disguise their malicious activities by using trusted websites. This technique makes it challenging for security systems to detect and block harmful actions, as they appear to originate from legitimate sources. Websites that rely on content delivery networks (CDNs) are particularly vulnerable, as attackers can exploit these trusted domains to hijack brands and potentially mislead users. The implications are significant, as this could lead to a loss of customer trust and financial harm for affected companies. Organizations should be aware of this tactic and take measures to secure their web infrastructure.

May 21, 2026

CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form

CISA News

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog by introducing a new nomination form. This form allows organizations to report vulnerabilities they believe should be included in the catalog, which serves to inform the public about security flaws that are actively being exploited by attackers. The catalog aims to help organizations prioritize their cybersecurity efforts by focusing on vulnerabilities that pose the most immediate risk. This initiative is particularly important as it encourages collaboration between the public and private sectors in identifying and addressing security weaknesses. By expanding the catalog, CISA hopes to enhance the overall security posture of critical infrastructure and other sectors.

May 21, 2026

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

SecurityWeek

In 2025, Apple took significant measures to maintain the integrity of its App Store by rejecting over 2 million app submissions. This move was part of a broader strategy to combat security threats and prevent fraud, resulting in the blocking of more than 1.1 billion accounts and the interception of $2.2 billion in potentially fraudulent transactions. The company's stringent review process aims to protect users from malicious apps and scams, ensuring a safer experience on its platform. This action highlights the ongoing challenges in app security and the need for companies to remain vigilant against fraudulent activities. Developers looking to publish apps must adhere to strict security protocols to avoid rejection, which could impact their business operations.

May 21, 2026

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

The Hacker News

Microsoft has reported that two vulnerabilities in its Defender software are currently being exploited. The first, identified as CVE-2026-41091, is a privilege escalation flaw that has a CVSS score of 7.8, meaning it poses a significant risk. If successfully exploited, attackers could gain SYSTEM privileges, which would allow them to control the affected systems. The second vulnerability is a denial-of-service flaw, though specific details about its CVE designation weren't provided. These vulnerabilities affect Microsoft Defender, and users of the software should be vigilant as attackers are actively exploiting these flaws in the wild. It's crucial for individuals and organizations to take immediate action to secure their systems.

May 21, 2026

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

SecurityWeek

Google has recently patched over 200 vulnerabilities in its Chrome browser, with many of these issues reported by its own security teams. This uptick in discoveries is believed to be largely driven by advancements in artificial intelligence, which has enhanced the company's ability to identify and address security flaws. Users of Chrome should be aware that while these vulnerabilities have been fixed, the sheer volume underscores the ongoing challenges in maintaining browser security. Keeping Chrome updated is crucial to protect against potential exploitation of these vulnerabilities. This situation highlights the importance of continuous vigilance in cybersecurity, especially for widely used software like Chrome.

May 21, 2026