According to reports from cybersecurity researchers, a new remote access trojan (RAT) for Linux has been discovered. Reportedly, the trojan keeps a low profile by hiding itself in tasks that are scheduled to execute on a day that doesn’t exist.
An example of such a day is February 31st.
Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers, according to Bleeping Computer.
CronRAT is mainly targeting e-commerce websites and is undetectable by a lot of antivirus engines.
CronRAT abuses the Linux task scheduling system, cron, which allows scheduling tasks to run on non-existent days of the calendar, such as February 31st. It tries to hide in tasks like this to remain undetectable.
“The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3. These lines are syntactically valid, but would generate a run time error when executed. However, this will never happen as they are scheduled to run on February 31st,” according to Sansec researchers.
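The date specification quoted above is something a defender can look for directly. The following Python scan is an added example, not code from Sansec or from the original article: it flags crontab entries whose day-of-month and month fields name a date that never occurs. The sample crontab and the `/bin/placeholder-task` command are constructed for illustration.

```python
# Largest day each month can ever have (February counts leap years).
MAX_DAY = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
           7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
MONTHS = {name: i + 1 for i, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split())}

def expand(field, lo, hi, names=None):
    """Expand one cron field (lists, ranges, steps, '*') into a set of ints."""
    conv = lambda s: (names or {}).get(s) or int(s)
    values = set()
    for part in field.lower().split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        else:
            a, _, b = rng.partition("-")
            start = conv(a)
            end = conv(b) if b else (hi if step else start)
        values.update(range(start, end + 1, int(step or 1)))
    return {v for v in values if lo <= v <= hi}

def impossible_dates(crontab_text):
    """Return (line_no, line) for entries whose day/month pair never exists."""
    hits = []
    for no, line in enumerate(crontab_text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, short lines, comments and @reboot-style shortcuts.
        if len(fields) < 5 or line.lstrip().startswith(("#", "@")):
            continue
        try:
            days = expand(fields[2], 1, 31)           # day-of-month field
            months = expand(fields[3], 1, 12, MONTHS)  # month field
        except ValueError:
            continue  # e.g. a VAR=value line, not a schedule
        # Only the calendar date is checked; day-of-week is not consulted.
        if days and months and all(d > MAX_DAY[m] for m in months for d in days):
            hits.append((no, line.strip()))
    return hits

SAMPLE = """\
# constructed sample crontab, not taken from a real host
MAILTO=root
15 3 * * * /usr/local/bin/backup.sh
52 23 31 2 3 /bin/placeholder-task
0 0 30,31 feb * /bin/placeholder-task
0 0 31 4,5 * /usr/bin/report
0 0 29 2 * /usr/bin/leap-day-job
@daily /usr/bin/rotate
"""

if __name__ == "__main__":
    for no, entry in impossible_dates(SAMPLE):
        print(f"line {no}: date never occurs: {entry}")
```

Feed it the text of each user's crontab and the system cron files; an entry such as `0 0 31 4,5 *` is not flagged because May 31st exists.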
The researchers are trying very hard to find a loophole or weakness in the trojan so they can find it and remove it from the system.