Malware
Horse Shell
Check Point Research describes this as a custom MIPS32 ELF implant that forms part of a custom firmware image attributed to the Chinese state-sponsored actor “Camaro Dragon”.
Horse Shell is a Linux malware family.
Background
Check Point Research attributes this custom MIPS32 ELF implant to a tailored firmware image tied to the Chinese state-sponsored group “Camaro Dragon”. Horse Shell is the primary implant the attackers embed in the altered firmware, and it grants them three core capabilities:
- Remote shell: Execution of arbitrary shell commands on the infected router.
- File transfer: Upload and download files to and from the infected router.
- SOCKS tunneling: Relay communication between different clients.
Source: Malpedia (Fraunhofer FKIE).