{
	"id": "f88c2eee-46e9-4c96-87a4-544862815867",
	"created_at": "2026-04-10T03:20:49.075864Z",
	"updated_at": "2026-04-10T13:11:24.359234Z",
	"deleted_at": null,
	"sha1_hash": "8a82021104d0fea3d6bb9d4a5d484ce25c10df0d",
	"title": "Doctor Web discovers Linux Trojan written in Rust",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 96273,
	"plain_text": "Doctor Web discovers Linux Trojan written in Rust\r\nPublished: 2016-09-08 · Archived: 2026-04-10 02:47:30 UTC\r\nBy continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies\r\nrelated to the collection of visitor statistics.\r\nLearn more\r\n08.09.2016\r\nReal-time threat news | Hot news | All the news | Virus alerts\r\nSeptember 8, 2016\r\nDoctor Web’s specialists have discovered a new Linux Trojan written in the Rust programming language.\r\nThe Trojan has been named Linux.BackDoor.Irc.16.\r\nLinux.BackDoor.Irc.16 is a typical backdoor program that executes commands issued by cybercriminals via the\r\nIRC (Internet Relay Chat) protocol. The Trojan connects to the public chat channel specified in its configuration\r\nand awaits its instructions.\r\nThe Trojan can execute just four commands. It can connect to a specified chat channel; send cybercriminals\r\ninformation about an infected computer; send cybercriminals data about the applications running in a system; and\r\ndelete itself from an infected machine.\r\nUnlike the majority of its counterparts, Linux.BackDoor.Irc.16 is written in Rust, a programming language\r\nwhose creation was sponsored by Mozilla Research. Its first stable version was released in 2015.\r\nLinux.BackDoor.Irc.16 was designed to be a cross-platform Trojan—to make a version for Windows, for\r\nexample, cybercriminals can just recompile this malware program. Doctor Web’s analysts believe that\r\nhttps://news.drweb.com/show/?c=5\u0026i=10193\u0026lng=en\r\nPage 1 of 2\n\nLinux.BackDoor.Irc.16 is, in fact, a prototype (Proof of Concept), because it cannot replicate itself, and the IRC\r\nchannel used by the Trojan to receive commands from cybercriminals is not currently active.\r\nThe signature for Linux.BackDoor.Irc.16 is already in the Dr.Web for Linux database, and it is successfully\r\ndetected and removed by Doctor Web Anti-virus products.\r\nMore about this Trojan\r\n10193 en 5\r\n0\r\nDoctor Web’s Q1 2026 review of virus activity on mobile devices\r\n01.04.2026\r\nVirus reviews\r\nRead\r\nDoctor Web’s Q1 2026 virus activity review\r\n01.04.2026\r\nVirus reviews\r\nRead\r\nDr.Web for personal computers receives SKD AWARDS product excellence distinction\r\n24.03.2026\r\nCorporate news | Dr.Web products\r\nRead\r\nSource: https://news.drweb.com/show/?c=5\u0026i=10193\u0026lng=en\r\nhttps://news.drweb.com/show/?c=5\u0026i=10193\u0026lng=en\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://news.drweb.com/show/?c=5\u0026i=10193\u0026lng=en"
	],
	"report_names": [
		"?c=5\u0026i=10193\u0026lng=en"
	],
	"threat_actors": [],
	"ts_created_at": 1775791249,
	"ts_updated_at": 1775826684,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8a82021104d0fea3d6bb9d4a5d484ce25c10df0d.pdf",
		"text": "https://archive.orkl.eu/8a82021104d0fea3d6bb9d4a5d484ce25c10df0d.txt",
		"img": "https://archive.orkl.eu/8a82021104d0fea3d6bb9d4a5d484ce25c10df0d.jpg"
	}
}