Security Disclosure: MakuluLinux Backdoor
DRANK

The MakuluLinux operating system installs a binary that establishes a persistent connection to a command-and-control server owned by the developer. This is not a third-party compromise: the backdoor is embedded in the OS installer itself.

The Evidence Chain

1. install-script.bin (the OS installer) copies /usr/share/MakuluSetup/files/check.bin to /usr/bin/check.bin
2. The installer creates an autostart entry disguised as "System Health Check" with a 30-second delay
3. check.bin (a 9.5 MB stripped ELF) establishes a persistent TCP connection to 217.77.8.210:2006
4. That IP is the address makulu.online, the developer's own domain, resolves to
5. The installer's error handling reads "One or more critical final file operations (startup/check.bin) failed", i.e. the binary is treated as a critical install component

Infrastructure

Asset            IP                  Hosting            Registrant
C2 Server        217.77.8.210:2006   Contabo GmbH, DE   Germany
makulu.online    217.77.8.210        Contabo GmbH       Da Nang, Vietnam
makululinux.eu   207.180.233.66      Contabo GmbH       Redacted
makululinux.com  64.20.42.243        Trouble-free.net   Eastern Cape,…
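A host-side check for the indicators listed above, added here as an example and not part of the original disclosure or the project's code. It looks for check.bin at both paths from the evidence chain, for any autostart .desktop entry that names check.bin or "System Health Check", and for sockets peered with 217.77.8.210:2006 in `ss -ntp` output. The XDG autostart directories searched, the contents of the fixture .desktop file and the sample socket table are assumptions constructed for offline testing; the disclosure does not give the autostart file's path or contents.

```shell
#!/bin/sh
# IOC scan for the MakuluLinux check.bin backdoor (added example, not the
# disclosure's own tooling). Binary paths, the autostart name and the C2
# endpoint come from the disclosure; the autostart directories, the fixture
# .desktop file and the sample `ss` output below are assumptions/constructed.
set -u

C2_IP="217.77.8.210"
C2_PORT="2006"
DROP_PATH="usr/bin/check.bin"
SRC_PATH="usr/share/MakuluSetup/files/check.bin"

# scan_fs ROOT: look for the dropped binary and the disguised autostart entry
# under ROOT (use / on a live host). Findings go to stderr, hit count to stdout.
scan_fs() {
    root="${1:-/}"
    hits=0
    for p in "$DROP_PATH" "$SRC_PATH"; do
        if [ -f "$root/$p" ]; then
            echo "FOUND binary: /$p" >&2
            command -v sha256sum >/dev/null 2>&1 && sha256sum "$root/$p" >&2
            hits=$((hits + 1))
        fi
    done
    # System-wide and per-user XDG autostart directories (assumed locations).
    for d in "$root/etc/xdg/autostart" "$root"/home/*/.config/autostart \
             "$root/root/.config/autostart"; do
        [ -d "$d" ] || continue
        for f in "$d"/*.desktop; do
            [ -f "$f" ] || continue
            if grep -qi -e 'check\.bin' -e 'System Health Check' "$f"; then
                echo "FOUND autostart: $f" >&2
                hits=$((hits + 1))
            fi
        done
    done
    echo "$hits"
}

# scan_net: read `ss -ntp` (or netstat -ntp) output on stdin and print the
# number of sockets whose peer is the C2 endpoint. Live use: ss -ntp | scan_net
scan_net() {
    grep -cF "$C2_IP:$C2_PORT" || true
}

# build_fixture DIR: constructed on-disk layout mirroring the evidence chain.
# The .desktop contents are an assumption; only the name and delay are known.
build_fixture() {
    mkdir -p "$1/usr/bin" "$1/etc/xdg/autostart"
    printf 'placeholder, not the real ELF\n' > "$1/usr/bin/check.bin"
    cat > "$1/etc/xdg/autostart/system-health-check.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=System Health Check
Exec=sh -c "sleep 30 && /usr/bin/check.bin"
X-GNOME-Autostart-enabled=true
EOF
}

# Constructed `ss -ntp` output: one socket to the C2, one benign connection.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB 0      0      192.168.1.20:48812   217.77.8.210:2006   users:(("check.bin",pid=1234,fd=3))
ESTAB 0      0      192.168.1.20:51234   93.184.216.34:443   users:(("firefox",pid=999,fd=40))'

demo() {
    tmp=$(mktemp -d)
    build_fixture "$tmp"
    echo "filesystem hits: $(scan_fs "$tmp")"
    echo "C2 sockets:      $(printf '%s\n' "$SAMPLE_SS" | scan_net)"
    rm -rf "$tmp"
}

case "${1:-demo}" in
    live) echo "filesystem hits: $(scan_fs /)"
          echo "C2 sockets:      $(ss -ntp 2>/dev/null | scan_net)" ;;
    *)    demo ;;
esac
```

Run it with `live` on a suspect host (as root, so per-user autostart directories are readable). A zero socket count at scan time is not a clean bill of health: the autostart entry delays execution by 30 seconds and the connection is described as persistent, so the process may be between reconnects; the dropped binary and the autostart entry are the durable indicators. A hit is a reason to isolate and image the host rather than delete the file in place.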

werai.ca
Related Topics: Security CyberAttack