Security News > 2020 > September > New Linux Malware Steals Call Details from VoIP Softswitch Systems
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP softswitches in an attempt to steal phone call metadata.
"The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records," ESET researchers said in a Thursday analysis.
The malware starts off by attempting to locate the softswitch configuration files from a list of predetermined directories with the goal of accessing the MySQL database credentials, which are then decrypted to query the database.
Besides scooping up basic information about the compromised Linknat system, CDRThief exfiltrates details of the database and executes SQL queries directly against the MySQL database in order to capture information pertaining to system events, VoIP gateways, and call metadata.
"It seems reasonable to assume that the malware is used for cyberespionage. Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/dvgU82ZFCeM/linux-voip-softswitch-malware.html