HomeUpdateNew Linux malware found a new place to hide itself

New Linux malware found a new place to hide itself

-

Last Updated on 30/11/2021 by Anamika

According to the reports of cybersecurity researchers, a new remote access trojan (RAT) for Linux has been discovered. Reportedly, the trojan holds an invisible profile by hiding itself in various tasks that are scheduled for execution on a day that doesn’t even exist.

An example of such a day is February 31st.

Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers.

According to the reports of Bleeping Computer

CronRAT is mainly targeting e-commerce websites and is undetectable by a lot of antivirus engines.

CronRAT abuses the Linux task scheduling system, cron, which allows scheduling tasks to run on non-existent days of the calendar, such as February 31st. It tries to hide in tasks like this to remain undetectable.

“The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3. These lines are syntactically valid, but would generate a run time error when executed. However, this will never happen as they are scheduled to run on February 31st.”

According to the reports of Sansec researchers

The researchers are trying very hard to find out a loophole or a weakness of the trojan to able to find it and remove it from the system.

Anamika
Anamika
Anamika focuses on data privacy, data policy, digital policies, and puts users' privacy first. She loves exploring new tech and spends time looking around business politics and its impact on users and small businesses.
- Advertisment -

Must Read

DirectTV streaming network will sell your data even if you don’t...

0
DirectTV is a streaming network that delivers streaming content as a service. The content is generally live sports and 14.6M+ people subscribe to their...