New Showboat Linux Malware Targets Global Telecommunications
ID: 0c46c8e6-de6b-5f07-87cb-ec4f4c71440a
STIX ID: report--0c46c8e6-de6b-5f07-87cb-ec4f4c71440a
Feed Name: securityonline.info
Researchers uncovered a stealthy, modular Linux backdoor called "Showboat" that has been used in a long-running espionage campaign against telecommunications providers across multiple regions since at least mid-2022. The toolkit provides remote shells, file transfer, and SOCKS5 proxying, hides its execution via library manipulation, and stores its configuration encrypted (XOR key: 'look me, AV!'). Analysts traced C2 infrastructure with geographic correlations to Chengdu and other regional nodes, observed domain impersonation of telecom brands, and reported compromises of ISPs and servers (including C2 IP 194.135.25.132). They recommend perimeter hardening, internal traffic monitoring, process audits, and stricter firewall rules to detect and disrupt the campaign.
