Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New Linux Malware Showboat Targets Middle East Telecom

New Linux Malware Showboat Targets Middle East Telecom

Posted on May 21, 2026 By CWS

Cybersecurity experts have revealed a new threat in the form of a Linux-based malware named Showboat, which has been targeting a telecommunications company in the Middle East since mid-2022. This malware is particularly concerning due to its advanced capabilities and potential connections to Chinese cyber espionage groups.

Modular Framework and Capabilities

Showboat is identified as a sophisticated post-exploitation framework. Designed specifically for Linux systems, it is capable of initiating a remote shell, transferring files, and acting as a SOCKS5 proxy. According to Lumen Technologies Black Lotus Labs, the malware’s modular nature makes it a powerful tool for attackers.

The malware has been associated with several threat clusters possibly linked to China. These clusters have been identified through connections between command-and-control (C2) nodes and IP addresses traced back to Chengdu, China. This pattern aligns Showboat with other well-known frameworks like PlugX and ShadowPad, commonly used by Chinese state-sponsored actors.

Investigation and Technical Analysis

The investigation into Showboat began with an ELF binary uploaded to VirusTotal in May 2025. The platform classified it as a sophisticated Linux backdoor with rootkit-like features. Kaspersky has labeled this variant as EvaRAT, highlighting its advanced nature.

The malware communicates with a C2 server, collecting system information and sending it back in an encrypted format. It can also transfer files, conceal its processes, and manage connections to other devices through its SOCKS5 proxy capability. This functionality suggests that Showboat’s main objective is to establish a persistent presence on compromised systems.

Broader Implications and Security Concerns

Further investigation identified additional victims, including an ISP in Afghanistan and another unknown entity in Azerbaijan. A secondary C2 cluster, utilizing similar certificates, indicated possible compromises in the U.S. and Ukraine, pointing to a broader reach of the attack.

While some attackers favor native system tools for stealth, others, like those using Showboat, employ persistent malware implants. Black Lotus Labs researcher Danny Adamitis emphasized that such threats should be viewed as early warnings of potential larger security issues in affected networks.

The discovery of Showboat underscores the ongoing challenges of cybersecurity in the telecommunications sector, particularly regarding nation-state-backed threats. Organizations must remain vigilant and implement robust security measures to protect against such sophisticated attacks.

The Hacker News Tags:Black Lotus Labs, C2 Server, China, cyber espionage, cyber threats, Cybersecurity, digital security, hacker news, Kaspersky, Linux malware, Middle East telecom, Showboat, SOCKS5 proxy, Telecommunications, threat intelligence

Post navigation

Previous Post: P2PInfect Botnet Threatens Kubernetes via Exposed Redis
Next Post: Socket Secures $60 Million, Reaches $1 Billion Valuation

Related Posts

AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar The Hacker News
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments The Hacker News
67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers The Hacker News
Announcing Cybersecurity Stars Awards 2026 Announcing Cybersecurity Stars Awards 2026 The Hacker News
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks The Hacker News
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark