CronRAT: A New Linux Malware That's Scheduled to Run on February 31st

Lord Boltar

Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said. The Dutch cybersecurity firm said it found samples of the RAT on several online stores, including an unnamed country's largest outlet.
 


Oldhabbits

And all the time we thought that February never has a 31st day!
 

Condobloke

So, does this mean the malware will never run, because there is no such day?

Or, does it mean the execution day is simply not disclosed, and the whole article is simply meant to either keep people on their toes or to scare the crap out of them?
 
Lord Boltar

CronRAT’s main feat is hiding in the calendar subsystem of Linux servers (“cron”) on a non-existent day. This way, it will not attract attention from server administrators; after all, most administrators will not look at days that do not exist and many security products do not scan the Linux cron system. Instead, the actual malware code is hidden in the task names and is constructed using several layers of compression and base64 decoding.
You can view the decoded raw payload here - https://gist.github.com/gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f
 

Condobloke

Supreme Cleverness.
 

SpongebobFan1994

It's unfortunate that Linux has become the victim of more cyber attacks lately, with it powering so many devices, and rising in popularity on the desktop. However, let's just see how this plays out. Obviously, cyber security experts are working around the clock to keep everyone's servers safe from hackers, and as @JasKinasis said in another thread, as long as end users keep everything up to date, they're less likely to be affected by this. Even though any Linux noob could install updates relatively easily, just the fact that Linux has been gaining the attention of hackers is what's surprising now. It still would be a good idea to have numerous FOSS operating systems become stable and available just in case there's a SHTF moment in Linux.
 

kc1di

It was only a matter of time as Linux grows in usage, especially in the server market. The criminals are going to try to find ways to exploit it. Just be as careful as possible and keep an eye on your systems.
 

f33dm3bits

Most enterprises will be using RHEL, which has SELinux, another layer of security/protection, and if they are smart they don't have that disabled.
 

Tl2038

At least it's not on March 15. Note to self, keep using paper calendars.
 