New Linux Malware Steals Call Details from VoIP Softswitch Systems
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP softswitches in an attempt to steal phone call metadata.
"The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records," ESET researchers said in a Thursday analysis.
The malware first tries to locate the softswitch configuration files in a list of predetermined directories in order to obtain the MySQL database credentials, which it then decrypts and uses to query the database.
Besides collecting basic information about the compromised Linknat system, CDRThief exfiltrates details of the database and executes SQL queries directly against the MySQL database to capture information pertaining to system events, VoIP gateways, and call metadata.
"It seems reasonable to assume that the malware is used for cyberespionage. Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/dvgU82ZFCeM/linux-voip-softswitch-malware.html