Stealthy backdoor found hiding in SOHO devices running Linux
Researchers uncovered a network of compromised small office and home office (SOHO) devices they are calling LapDogs. The campaign is part of a broader shift in how China-nexus threat actors use Operational Relay Box (ORB) networks, chains of compromised edge devices that proxy their traffic, to hide their operations.
At the center of the operation is a custom backdoor called ShortLeash, which gives the attackers root-level access on the device and ensures persistence across reboots. Once installed, it stands up a fake Nginx web server and generates a self-signed TLS certificate whose subject spoofs the LAPD. That certificate became a key fingerprint: by searching for it in internet-wide scan data, researchers traced more than 1,000 infected nodes worldwide.
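The hunting technique described above, a self-signed certificate with a distinctive subject as the indicator, can be reproduced against harvested certificates. The following Go program is an added example written for this page; it is not ShortLeash code, nor the researchers' tooling, and the article does not give the actual certificate fields. The keyword list (`lapd`, `los angeles police`) and the constructed test certificate are assumptions made for illustration. The program parses a PEM certificate, checks that it is genuinely self-signed (issuer equals subject and the signature verifies under the certificate's own key), matches subject fields against the keyword list, and computes the SHA-256 fingerprint that scan data sets report, so a hit can be pivoted on.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Hypothetical hunting terms: the article only says the certificate spoofs
// the LAPD and does not give the exact subject, so treat this list as an assumption.
var suspiciousSubjectTerms = []string{"lapd", "los angeles police"}

// ParsePEMCert decodes the first CERTIFICATE block in a PEM byte slice.
func ParsePEMCert(pemBytes []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("no CERTIFICATE block found")
	}
	return x509.ParseCertificate(block.Bytes)
}

// CertFingerprint returns the hex SHA-256 of the DER encoding, the form that
// browsers and internet-wide scan data sets report.
func CertFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// IsSelfSigned requires both that issuer and subject are byte-identical and
// that the signature verifies under the certificate's own public key. We call
// CheckSignature rather than CheckSignatureFrom because the latter also demands
// CA basic constraints, which a self-signed leaf typically lacks.
func IsSelfSigned(cert *x509.Certificate) bool {
	if !bytes.Equal(cert.RawIssuer, cert.RawSubject) {
		return false
	}
	return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
}

// SuspiciousCert flags a self-signed certificate whose subject CN, O or OU
// contains one of the hunting terms, returning each match as a reason.
func SuspiciousCert(cert *x509.Certificate) (bool, []string) {
	if !IsSelfSigned(cert) {
		return false, nil
	}
	fields := append([]string{cert.Subject.CommonName}, cert.Subject.Organization...)
	fields = append(fields, cert.Subject.OrganizationalUnit...)
	var reasons []string
	for _, f := range fields {
		lf := strings.ToLower(f)
		for _, term := range suspiciousSubjectTerms {
			if strings.Contains(lf, term) {
				reasons = append(reasons, fmt.Sprintf("subject field %q matches %q", f, term))
			}
		}
	}
	return len(reasons) > 0, reasons
}

// MakeSelfSignedPEM builds a self-signed certificate with the given subject.
// It exists only to construct sample input for this example (constructed data,
// not an implant artifact): ECDSA P-256, one-year validity, server-auth usage.
func MakeSelfSignedPEM(subject pkix.Name) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	// Hypothetical subject; the real ShortLeash subject is not published in the article.
	pemBytes, err := MakeSelfSignedPEM(pkix.Name{CommonName: "lapd.example", Organization: []string{"LAPD"}})
	if err != nil {
		panic(err)
	}
	cert, err := ParsePEMCert(pemBytes)
	if err != nil {
		panic(err)
	}
	flagged, reasons := SuspiciousCert(cert)
	fmt.Println("fingerprint:", CertFingerprint(cert))
	fmt.Println("flagged:", flagged, reasons)
}
```

In practice you would feed `ParsePEMCert` the certificates returned by a scanner or a Censys/Shodan export and pivot on `CertFingerprint` for every hit; the keyword match is deliberately loose, so confirm a hit with the fake-Nginx banner before counting a node as infected.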
The post Stealthy backdoor found hiding in SOHO devices running Linux appeared first on Linux Today.