New Linux Malware Steals Call Details from VoIP Softswitch Systems
2020-09-11 05:05

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP softswitches in an attempt to steal phone call metadata.

"The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records," ESET researchers said in a Thursday analysis.

The malware starts off by attempting to locate the softswitch configuration files from a list of predetermined directories with the goal of accessing the MySQL database credentials, which are then decrypted to query the database.

Besides scooping up basic information about the compromised Linknat system, CDRThief exfiltrates details of the database and executes SQL queries directly against the MySQL database in order to capture information pertaining to system events, VoIP gateways, and call metadata.

"It seems reasonable to assume that the malware is used for cyberespionage. Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/dvgU82ZFCeM/linux-voip-softswitch-malware.html

Related vendor

LAST 12M

VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Linux    11           64    2312     1489   67         3932