Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
ID: 72ab27cd-3662-5c41-9bfc-0ec51c88bea7
STIX ID: report--72ab27cd-3662-5c41-9bfc-0ec51c88bea7
Feed Name: The Hacker News
**Showboat** is a modular Linux backdoor with rootkit-like capabilities (remote shell, file transfer, SOCKS5 proxy, process hiding). It has been observed in a campaign since mid-2022 targeting a Middle Eastern telecommunications provider and is attributed to China-linked actors such as Calypso/Red Lamassu. The report also documents a Windows DLL side-loading implant (JFMBackdoor), C2 infrastructure ties (including X.509 reuse and Pastebin-hosted code), and confirmed compromises in Afghanistan and Azerbaijan, with additional related infrastructure pointing to U.S. and Ukrainian compromises.
