Linux virus cunningly hidden behind occurrences of February 31st


Also, many security products do not scan the Linux cron system. Sansec claims to have seen multiple cases where CronRAT helped attackers inject the Magecart payment skimmer into the server-side code of e-commerce platforms.

The attackers used a novel approach to hide the Magecart malware in the Linux calendar system on the invalid date of February 31st. Dubbed CronRAT by Sansec cybersecurity researchers, the malware was spotted on multiple online stores just before the Black Friday online shopping frenzy. “CronRAT’s main function is to hide in the Linux server’s calendar subsystem (“Cron”) on nonexistent days. That way it won’t attract the attention of the server admin.”

Highlights

  • On startup, the malware connects to its control server through another “exotic feature” in the Linux kernel that allows TCP communication through files. It then performs multiple actions to create a persistent backdoor to the compromised server, essentially allowing the CronRAT operator to execute arbitrary code on the server.

  • New approach
    Sansec explains that the attackers are taking advantage of the fact that the Linux cron system can schedule tasks on any date, as long as it is in a valid format. Attackers use this “feature” to insert CronRAT on invalid dates. Researchers note that CronRAT hides a “sophisticated bash program”. The program uses various techniques such as self-destruction, timing adjustments, and custom binary protocols to communicate with an externally controlled server to do its malicious business without alarming the administrator.
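As an added illustration of the detection angle, not code from Sansec or from the article: the following Python script scans a crontab for schedule lines whose day-of-month and month fields name a calendar date that cannot occur in any year (February 30th and 31st, April 31st, and so on), which is exactly the kind of entry the technique above relies on. The crontab it inspects is a constructed sample embedded in the script, and the command paths in it are invented. The script also reports when the weekday field is restricted, because Vixie cron runs a job when either the day-of-month or the day-of-week matches once both fields are restricted, so an impossible date alone is not proof that an entry never fires; it is a reason to look at the command.

```python
"""Flag crontab schedule lines whose day/month combination can never occur."""
import re
from typing import Dict, List, Optional, Set, Tuple

MONTH_NAMES = {m: i + 1 for i, m in enumerate(
    ["jan", "feb", "mar", "apr", "may", "jun",
     "jul", "aug", "sep", "oct", "nov", "dec"])}
# Longest possible length of each month (February 29 exists in leap years)
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
# Lines like SHELL=/bin/bash or MAILTO=root are environment settings, not jobs
ENV_LINE = re.compile(r"^\s*[A-Za-z_][A-Za-z0-9_]*\s*=")

# Constructed sample crontab (user-crontab layout: five time fields then the command).
SAMPLE_CRONTAB = """\
SHELL=/bin/bash
# constructed sample: a legitimate nightly job
0 2 * * * /usr/local/bin/backup.sh
# constructed sample: day 31 of February never exists
52 23 31 2 * /tmp/.x/update.sh
# constructed sample: day and weekday both restricted, so Vixie cron may still fire on the weekday
0 0 30 feb 3 /tmp/.x/beacon.sh
# constructed sample: day 31 is impossible in some months but not in all of them
0 0 31 * * /usr/bin/rotate-logs
"""


def _to_int(token: str, names: Optional[Dict[str, int]]) -> int:
    t = token.strip().lower()
    if names and t in names:
        return names[t]
    return int(t)


def expand_field(field: str, lo: int, hi: int,
                 names: Optional[Dict[str, int]] = None) -> Set[int]:
    """Expand one cron field ('*', lists, ranges, steps, month names) into the integers it matches."""
    values: Set[int] = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_s = part.split("/", 1)
            step = int(step_s)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = _to_int(a, names), _to_int(b, names)
        else:
            start = _to_int(part, names)
            end = hi if step > 1 else start  # "5/2" means from 5 to the upper bound by 2
        values.update(range(start, end + 1, step))
    return values


def impossible_dates(dom_field: str, month_field: str) -> List[Tuple[int, int]]:
    """Return the (day, month) pairs named by the entry that exist in no year."""
    doms = expand_field(dom_field, 1, 31)
    months = expand_field(month_field, 1, 12, MONTH_NAMES)
    return sorted((d, m) for m in months for d in doms if d > DAYS_IN_MONTH[m])


def entry_can_never_fire(dom_field: str, month_field: str) -> bool:
    """True when every day/month combination the entry names is impossible."""
    doms = expand_field(dom_field, 1, 31)
    months = expand_field(month_field, 1, 12, MONTH_NAMES)
    return all(d > DAYS_IN_MONTH[m] for m in months for d in doms)


def scan_crontab(text: str) -> List[dict]:
    """Return one finding per schedule line whose day/month fields name only impossible dates."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("@") or ENV_LINE.match(line):
            continue  # blank, comment, @reboot-style shortcut, or environment assignment
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # not a complete schedule line
        _minute, _hour, dom, month, dow, command = fields
        try:
            if not entry_can_never_fire(dom, month):
                continue
        except ValueError:
            continue  # unparseable field; leave it for manual review
        findings.append({
            "line_no": line_no,
            "command": command,
            "impossible": impossible_dates(dom, month),
            # If the weekday is also restricted, cron's OR rule can still run the job
            "dow_restricted": dow != "*",
        })
    return findings


if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        caveat = " (weekday restricted: may still fire)" if f["dow_restricted"] else ""
        print(f"line {f['line_no']}: dates {f['impossible']} never occur{caveat} -> {f['command']}")
```

To use it on a real host, pass the output of `crontab -l` for each user, or the contents of the files under `/etc/cron.d`, to `scan_crontab`; system crontab files carry an extra user column after the five time fields, so strip or account for that column first. An entry flagged here is not malicious by itself, but a job scheduled on a date that cannot exist has no legitimate reason to be there and should be tied back to the owner of the command it runs.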

“Digital skimming is moving from the browser to the server, and this is another example. Most online stores only implement browser-based defenses, and criminals exploit unprotected backends. Security professionals need to seriously consider the entire attack surface,” said Willem de Groot, director of threat research at Sansec.
