Free Republic

Linux Trojan captures audio and takes screenshots
InfoWorld | Jan 20, 2016 | Jim Lynch

Posted on 01/20/2016 8:26:27 PM PST by Utilizer

Security is something that is always on the minds of users these days, and that includes those who use Linux. TechWeek Europe has a disturbing article about a Linux trojan that captures audio and takes screenshots.

It remains to be seen how widespread this Trojan is among Linux users and what the exact attack vector is for it.

Steve McCaskill reports for TechWeek Europe:

Security researchers have found a new Linux Trojan capable of taking screenshots of infected systems and even recording sound.

Russian anti-virus firm Dr Web says that once the Linux.Ekoms.1 malware is launched it checks for two specific files – one related to Dropbox and another related to Firefox. If it finds neither of the files, it makes a copy of itself and launches from a new directory.

"If the launch is successful, Linux.Ekoms.1 connects to the server whose addresses are hard-coded in its body," said the company. "All information transmitted between the server and Linux.Ekoms.1 is encrypted. The encryption is initially performed using the public key; and the decryption is executed by implementing the RSA_public_decrypt function to the received data.

"Every 30 seconds the service takes a screenshot and saves it to a temporal folder in the JPEG format with a name in the ss%d-%s.sst format, where %s is a timestamp. If the file is not saved, the Trojan tries to save it in the BMP format."

(Excerpt) Read more at infoworld.com ...


TOPICS: Computers/Internet
KEYWORDS: apple; bsd; dropbox; firefox; internet; ios; jimlynch; linux; macos; malware; microsoft; osx; security; stevemccaskill; trojanware; unix; windows
Not certain this is all that common yet, but it might bear looking into for those of us using the 'nix OS.
1 posted on 01/20/2016 8:26:27 PM PST by Utilizer
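
The file-name pattern and 30-second interval quoted in the article are enough for a quick host check. The Python below is an added example, not code from the article, Dr Web or any poster in this thread. It assumes the BMP fallback uses the same ss%d-%s.sst name, accepts any text as the timestamp, and takes the directory to scan from the caller because the page names no path; the function names `scan` and `image_type` are made up here.

```python
import os
import re
import tempfile
from statistics import median

# Name pattern from the Dr Web description: ss%d-%s.sst (%s is a timestamp).
# The timestamp layout is not given on the page, so any non-empty text is accepted.
NAME_RE = re.compile(r"^ss(-?\d+)-(.+)\.sst$")
MAGIC = {b"\xff\xd8\xff": "jpeg", b"BM": "bmp"}  # standard file signatures


def image_type(path):
    """Return 'jpeg', 'bmp' or None based on the file's leading bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(3)
    except OSError:
        return None  # unreadable file: cannot classify, so do not report it
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            return kind
    return None


def scan(directory):
    """Report files that match the name pattern and actually hold image data."""
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not NAME_RE.match(entry.name):
            continue
        kind = image_type(entry.path)
        if kind:
            hits.append({"name": entry.name, "type": kind,
                         "mtime": entry.stat().st_mtime})
    hits.sort(key=lambda h: h["mtime"])
    gaps = [b["mtime"] - a["mtime"] for a, b in zip(hits, hits[1:])]
    # A median gap close to 30 s matches the capture interval in the report.
    periodic = bool(gaps) and abs(median(gaps) - 30) <= 5
    return {"hits": hits, "periodic_30s": periodic}


if __name__ == "__main__":
    # Assumption: the system temp directory is a reasonable first place to look.
    result = scan(tempfile.gettempdir())
    for h in result["hits"]:
        print(h["type"], h["name"])
    print("30-second cadence:", result["periodic_30s"])
```

A hit only means a file with that name holds image data; legitimate software can use the .sst extension, so treat the result as a lead to investigate.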

To: Utilizer; Disambiguator

Bookmarking.


2 posted on 01/20/2016 8:43:16 PM PST by Disambiguator

To: Utilizer

They really should tell us the server so we can block it at the router.


3 posted on 01/20/2016 9:08:46 PM PST by Dalberg-Acton

To: All

Sorry, minor correction:

“- one related to Dropbox and another related to Firefox.”

Apologies for the strange-character mistake.


4 posted on 01/20/2016 9:19:54 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer

This should be a capital offense.


5 posted on 01/20/2016 10:04:52 PM PST by Ray76
