CronRAT: A New Linux Malware That's Scheduled to Run on February 31st

Lord Boltar

Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said. The Dutch cybersecurity firm said it found samples of the RAT on several online stores, including an unnamed country's largest outlet.
 


Oldhabbits

And all the time we thought that February never has a 31st day!
 

Condobloke

So, does this mean the malware will never run, because there is no such day?

Or, does it mean the execution day is simply not disclosed, and the whole article is simply meant to either keep people on their toes or to scare the crap out of them?
 
Lord Boltar

CronRAT’s main feat is hiding in the calendar subsystem of Linux servers (“cron”) on a non-existent day. This way, it will not attract attention from server administrators; after all, most administrators will not look at days that do not exist and many security products do not scan the Linux cron system. Instead, the actual malware code is hidden in the task names and is constructed using several layers of compression and base64 decoding.
You can view the decoded raw payload here - https://gist.github.com/gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f
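
A defender-side check for the hiding technique described in the post above, added here as an example (not part of the original post and not Sansec's code): it flags crontab lines whose day-of-month cannot occur in any listed month, and lines carrying a long base64-like run. The function names, the 120-character threshold and the sample crontab are assumptions constructed for illustration.

```python
import re

# Highest day each month can reach; February is 29 to allow for leap years.
MAX_DAY = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
           7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
MONTHS = {m: i + 1 for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split())}
B64_RUN = re.compile(r"[A-Za-z0-9+/=]{120,}")  # assumed length threshold
ENCODED, IMPOSSIBLE = "long base64-like run", "day-of-month cannot occur in listed month(s)"

def expand(field, lo, hi, names=None):
    """Expand one cron field ('*', lists, ranges, steps) into a set of ints."""
    conv = lambda s: (names or {}).get(s) or int(s)
    values = set()
    for part in field.lower().split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        else:
            a, _, b = rng.partition("-")
            start = conv(a)
            end = conv(b) if b else (hi if step else start)
        values.update(range(start, end + 1, int(step or 1)))
    return values

def audit_line(line):
    """Return the findings for one crontab line (empty list if none)."""
    text, findings = line.strip(), []
    if B64_RUN.search(text):
        findings.append(ENCODED)
    fields = text.split()
    if len(fields) < 6 or text[0] in "#@":
        return findings
    try:
        days = expand(fields[2], 1, 31)
        months = expand(fields[3], 1, 12, MONTHS)
    except ValueError:  # not a schedule line, e.g. VAR=value with spaces
        return findings
    if days and months and min(days) > max(MAX_DAY.get(m, 31) for m in months):
        findings.append(IMPOSSIBLE)
    return findings

def audit(crontab_text):
    return {n: f for n, line in enumerate(crontab_text.splitlines(), 1)
            if (f := audit_line(line))}  # 1-based line number -> findings

SAMPLE = ("# constructed sample\n*/15 * * * * /usr/local/bin/backup.sh\n"
          "0 3 29 2 * /usr/local/bin/leap-report.sh\n"
          "0 0 31 2 * " + "QUJD" * 40 + "\n30 4 31 4,6,9,11 * /bin/true\n")
```

Feed `audit()` the text of each user's crontab and of the system cron files; a February 29 entry is deliberately not flagged because it is valid in leap years.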
 

Condobloke

Supreme Cleverness.
 

SpongebobFan1994

It's unfortunate that Linux has become the victim of more cyber attacks lately, with it powering so many devices, and rising in popularity on the desktop. However, let's just see how this plays out. Obviously, cyber security experts are working around the clock to keep everyone's servers safe from hackers, and as @JasKinasis said in another thread, as long as end users keep everything up to date, they're less likely to be affected by this. Even though any Linux noob could install updates relatively easily, just the fact that Linux has been gaining the attention of hackers is what's surprising now. It still would be a good idea to have numerous FOSS operating systems become stable and available just in case there's a SHTF moment in Linux.
 

kc1di

It was only a matter of time as Linux grows in usage, especially in the server market. The criminals are going to try to find ways to exploit it. Just be as careful as possible and keep an eye on your systems.
 

f33dm3bits

Most enterprises will be using RHEL, which has SELinux, another layer of security/protection, and if they are smart they don't have that disabled.
 

Tl2038

At least it's not on March 15. Note to self, keep using paper calendars.
 