The most common answer to the age old question is probably no. We as a community of security practitioners may have to update our position on this one given the latest findings in terms of Turla. A stealth trojan that steals data from systems. Turla is not exclusive to Linux, it is also available in its Windows variant but the ultimate goal is the same.

Hard to detect but with some behaviors that make detection possible. For instance outgoing traffic to 80.248.65.183 or the string “TREX_PID=%u” and “Remote VS is empty !” will help you identify the culprit.

Have your SIEMS or use our old friend grep or yara to look for these. Keep in ind that Turla is considered a sophisticated advanced persistent threat (APT).

Happy trojan hunting.