
Published on January 20th, 2016

Linux Hit with Malware That Saves Activity Screenshots Every 30 Seconds

A new Linux malware has been discovered which aims to help criminals steal data and spy on the PCs of infected users.

The renowned IT security software developers Dr.Web from Russia have discovered a new malware targeting Linux users, with the ability to embed itself with the JPEG file format and send a screenshot of the user’s activity on the machine every half a minute (30 seconds).


Dr.Web has labelled this malware Linux.Ekoms.1 and further revealed that once a user is infected, all online activity is sent to its developers in the form of JPEG images. If the images can’t be saved as JPEG, Linux.Ekoms.1 looks for other file extensions and goes for the BMP file format.

Actions performed by Linux.Ekoms.1 malware / Image Source: Dr.Web

The findings published by the researchers confirm that this is no ordinary malware. It generates a filter list for the “aa*.aat”, “dd*ddt”, “kk*kkt”, “ss*sst” files, searches the temporary location for them, and uploads the files that match these criteria to the server.
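A defender-side triage check for the two behaviours described above, added here as an example and not taken from Dr.Web's analysis: it walks a directory for file names matching the four quoted patterns and flags runs of JPEG or BMP files written about 30 seconds apart. The directory to scan, the `TOLERANCE` and `MIN_RUN` thresholds and the function names are assumptions; images are recognised by magic bytes because the article gives no file names for the screenshots.

```python
import fnmatch
import os
import tempfile

# File-name patterns exactly as quoted in the article.
EKOMS_PATTERNS = ["aa*.aat", "dd*ddt", "kk*kkt", "ss*sst"]
INTERVAL = 30   # seconds between screenshots, per the article
TOLERANCE = 3   # assumed timing jitter (not from the article)
MIN_RUN = 4     # assumed shortest run of images worth reporting

def image_kind(path):
    """Identify JPEG or BMP content by magic bytes, ignoring the file name."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(3)
    except OSError:
        return None
    if head == b"\xff\xd8\xff":
        return "jpeg"
    return "bmp" if head[:2] == b"BM" else None

def scan(directory):
    """Return (pattern_hits, cadence_runs) for regular files under directory."""
    hits, images = [], []
    for root, _dirs, names in os.walk(directory):
        for name in names:
            path = os.path.join(root, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, FIFOs and sockets
            if any(fnmatch.fnmatchcase(name, p) for p in EKOMS_PATTERNS):
                hits.append(path)
            if image_kind(path):
                images.append((os.path.getmtime(path), path))
    images.sort()
    runs, run = [], []
    for stamp, path in images:
        # Extend the run only when the gap to the previous image is ~30 s.
        if run and abs(stamp - run[-1][0] - INTERVAL) > TOLERANCE:
            if len(run) >= MIN_RUN:
                runs.append([p for _, p in run])
            run = []
        run.append((stamp, path))
    if len(run) >= MIN_RUN:
        runs.append([p for _, p in run])
    return sorted(hits), runs

if __name__ == "__main__":
    print(scan(tempfile.gettempdir()))
```

A pattern hit or a 30-second run is a lead for further inspection, not proof of infection, since legitimate software can also write images on a timer.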

The cyber criminals behind this malware can also launch DDoS attacks by sending commands through command and control (C&C). The C&C is a kind of external server with which software (usually malware) communicates for further instructions.

Linux is considered more secure than other operating systems such as Windows and Mac OS X. However, as time passes, Linux is increasingly targeted by hackers. Last month, the Rekoobe malware targeted Linux users with the ability to download files from its C&C server, upload files to the C&C server and execute commands on the local shell.


Another malware, Linux.Encoder.1, was caught in November last year targeting Linux users with a ransomware scam, locking their systems and demanding Bitcoins in return for full access to the machine.
