{"id":252069,"date":"2026-05-21T14:17:00","date_gmt":"2026-05-21T18:17:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms\/"},"modified":"2026-05-22T01:30:12","modified_gmt":"2026-05-22T05:30:12","slug":"introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms\/","title":{"rendered":"Introducing Showboat: A new malware family taunts defenses and targets international telecom firms"},"content":{"rendered":"<p><a href=\"https:\/\/www.lumen.com\/blog\/en-us\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms\">Introducing Showboat: A new malware family taunts defenses and targets international telecom firms<\/a><\/p>\n<p><a href=\"https:\/\/www.lumen.com\/blog\/en-us\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms\">https:\/\/www.lumen.com\/blog\/en-us\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-21 14:17:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.lumen.com\">www.lumen.com<\/a><\/p>\n<p>Black Lotus Labs\u00ae, the threat research team at Lumen, has uncovered a previously unreported Linux malware family called Showboat, used in a campaign targeting telecommunications organizations across multiple regions. 
In this post, we break down how the malware works, what our telemetry reveals about the infrastructure behind it, and why these findings matter for defenders tracking persistent threats against critical networks.<\/p>\n<h2 id=\"key-findings\">Key findings<\/h2>\n<ul>\n<li>Black Lotus Labs identified a new Linux malware family we dubbed \u201cShowboat.\u201d The campaign has been active since at least mid-2022.<\/li>\n<li>Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files and functioning as a Socks5 proxy.<\/li>\n<li>Multiple threat clusters aligned with the People\u2019s Republic of China (PRC) have been observed using the same post-exploitation frameworks and techniques in recent years. Showboat was in use by at least one, and likely several, PRC-aligned threat activity clusters.<\/li>\n<li>The campaign impacted a telecommunications provider in the Middle East and impersonated telecom firms in Southeast Asia.<\/li>\n<li>Black Lotus Labs collaborated with PricewaterhouseCoopers\u2019 Threat Intelligence teams throughout the research process. We will continue to hunt for samples of this and similar malware to protect our customers and critical infrastructure.<\/li>\n<\/ul>\n<h2 id=\"research-overview\">Research overview<\/h2>\n<p>Black Lotus Labs discovered a new malware family we have dubbed \u201cShowboat.\u201d Technical artifacts suggest that this campaign has been ongoing since at least mid-2022. Analysis of the malware revealed functions that hide its process from system administrators, transfer files and act as a Socks5 proxy, allowing it to interact with machines deeper within the network. 
We believe this is the first public reporting of this toolset, one which highlights the persistent targeting of&#8230;<\/p>\n<p><a href=\"https:\/\/www.lumen.com\/blog\/en-us\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introducing Showboat: A new malware family taunts defenses and targets international telecom firms https:\/\/www.lumen.com\/blog\/en-us\/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":252070,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.lumen.com\/blog\/icons\/lumen_thumbnail.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,32],"class_list":["post-252069","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252069"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=252069"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252069\/revisions"}],"predecessor-version":[{"id":252071,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252069\/revisions\/252071"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/252070"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/inde
x.php\/wp-json\/wp\/v2\/media?parent=252069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=252069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=252069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}