Published on January 20th, 2016

Linux Hit with Malware That Saves Activity Screenshots Every 30 Seconds

New Linux malware has been discovered that aims to help criminals steal data and spy on infected users' PCs.

The renowned IT security software developer Dr.Web from Russia has discovered new malware targeting Linux users with the ability to save a screenshot of the user’s activity on the machine in JPEG format and send it every half a minute (30 seconds).

Dr.Web has labelled this malware Linux.Ekoms.1 and further revealed that once a user is infected, all online activity is sent to the malware's developers in the form of JPEG images. If the images can’t be saved as JPEG, Linux.Ekoms.1 looks for another file format and goes for BMP.

Actions performed by the Linux.Ekoms.1 malware / Image source: Dr.Web

The findings published by the researchers confirm that this is no ordinary malware. It generates a filtering list for the “aa*.aat”, “dd*ddt”, “kk*kkt”, “ss*sst” files, searches for them in the temporary location, and uploads the files that match these criteria to the server.
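A triage sketch for the file-name patterns quoted above, added here as an example and not taken from Dr.Web's analysis: it walks a directory chosen by the analyst, flags names matching the four patterns, and notes whether a hit starts with a JPEG or BMP signature. The function names, the sample file names and the assumption that matched files may hold the screenshots are illustrative.

```python
import fnmatch
import os
import tempfile

# File-name patterns exactly as quoted in the article (only the first has a dot).
PATTERNS = ("aa*.aat", "dd*ddt", "kk*kkt", "ss*sst")

# Leading bytes of the two image formats the article mentions.
MAGIC = {b"\xff\xd8\xff": "JPEG", b"BM": "BMP"}


def image_type(path):
    """Return 'JPEG' or 'BMP' if the file starts with that signature, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(3)
    except OSError:
        return None  # unreadable or vanished file: report the name match only
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def scan(root):
    """Walk root and return (path, pattern, image_type) for every name match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            for pattern in PATTERNS:
                if fnmatch.fnmatchcase(name, pattern):
                    path = os.path.join(dirpath, name)
                    hits.append((path, pattern, image_type(path)))
                    break
    return hits


def demo():
    """Scan a constructed directory; the file names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "ss_demo.sst": b"\xff\xd8\xff\xe0constructed",  # name match + JPEG magic
            "kk_demo.kkt": b"plain text",                   # name match only
            "session.txt": b"BMconstructed",                # BMP magic, name ignored
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), pat, kind) for p, pat, kind in scan(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A name match alone is a weak signal; a hit whose content is also image data is the one worth examining first.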

The cyber criminals behind this malware can also launch DDoS attacks by sending commands through command and control (C&C). The C&C is a kind of external server that software (usually malware) communicates with for further instructions.

Linux is considered more secure than other operating systems such as Windows and Mac OS X. However, as time passes, Linux is increasingly targeted by hackers. Last month, the Rekoobe malware targeted Linux users with the ability to download files from its C&C server, upload files to the C&C server and execute commands in the local shell.

Another piece of malware, Linux.Encoder.1, was caught in November last year targeting Linux users with a ransomware scam, locking their systems and demanding Bitcoins in return for full access to the machine.
