Security News > 2021 > November > CronRAT: A New Linux Malware That’s Scheduled to Run on February 31st
Researchers have unearthed a new remote access trojan for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day.
Dubbed CronRAT, the sneaky malware "Enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said.
CronRAT's standout feature is its ability to leverage the cron job-scheduler utility for Unix to hide malicious payloads using task names programmed to execute on February 31st. Not only does this allow the malware to evade detection from security software, but it also enables it to launch an array of attack commands that could put Linux eCommerce servers at risk.
"The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3," the researchers explained.
Armed with this backdoor access, the attackers associated with CronRAT can run any code on the compromised system, the researchers noted.
"Digital skimming is moving from the browser to the server and this is yet another example," Sansec's Director of Threat Research, Willem de Groot, said.
News URL
https://thehackernews.com/2021/11/cronrat-new-linux-malware-thats.html
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)