Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users
ID: 819346fa-5a89-5435-9a95-2920c654245b
STIX ID: report--819346fa-5a89-5435-9a95-2920c654245b
Feed Name: Hunt.io Blog
Researchers found Rekoobe backdoor binaries exposed in open directories on 27.124.45.146:9998 and on a linked host, 27.124.45.211. They observed C2 activity to port 12345 and recorded two SHA-256 hashes. The investigation also uncovered TradingView-typosquatting domains and additional servers sharing SSH keys (27.124.45.231, 1.32.253.2), suggesting an active malware campaign, possibly tied to APT31, that merits further monitoring and containment.
