January 28, 2022, 11:53:32 PM

Author Topic: Linux Trojan That Takes Screenshots and Records Audio Has a Windows Brother  (Read 1664 times)


Offline Ronald

Linux Trojan That Takes Screenshots and Records Audio Has a Windows Brother

The Linux trojan that spied on users by taking screenshots of their desktop now has a Windows variant, as Kaspersky's security team has found out.

The trojan, first discovered by Dr.Web and named Linux.Ekocms, and later also identified by Sophos as Linux/Mokes-A, and then by Kaspersky as Backdoor.Linux.Mokes.a, has caused some stir in the Linux community because it was one of the first spyware threats detected in the wild on the platform.

However, things weren't as bad as initially thought. Mokes (we'll use this name to describe the trojan) only had the screenshotting ability enabled in the version that Dr.Web discovered.

The keylogger and the audio recording features were dormant, and Kaspersky's analysis released today confirms this.

The bad part is that the Kaspersky researchers also discovered a Windows variant of this trojan, which did have the keylogger component enabled.

The Windows version is similar to the Linux variant but more powerful

Under the hood, the trojan worked very much the same as its Linux counterpart. It used a list of predefined folders where it would install itself, sent small heartbeat requests to its C&C server every minute, and stored recorded data locally, which it would later upload online when the C&C server requested it.

More details:  http://news.softpedia.com/news/linux-trojan-that-takes-screenshots-and-records-audio-has-a-windows-brother-499619.shtml
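
For defenders, the once-a-minute heartbeat described in the quoted article is a detectable network pattern. The following is an added example, not part of the original post or of the Kaspersky analysis: it flags source/destination pairs in connection logs whose small requests recur at a near-fixed 60-second interval. The log tuple layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def find_beacons(events, period=60.0, tolerance=5.0, max_bytes=1024, min_hits=5):
    """Return (src, dst, median_gap) for flows that look like a fixed-interval heartbeat.

    events: iterable of (epoch_seconds, src, dst, request_bytes); layout is assumed.
    """
    flows = defaultdict(list)
    for ts, src, dst, size in events:
        flows[(src, dst)].append((ts, size))

    hits = []
    for (src, dst), rows in sorted(flows.items()):
        if len(rows) < min_hits:
            continue                      # too few samples to judge periodicity
        rows.sort()
        if any(size > max_bytes for _, size in rows):
            continue                      # the article describes the heartbeats as small
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        mid = median(gaps)
        # Periodic: median gap near the period and every gap close to the median.
        if abs(mid - period) <= tolerance and all(abs(g - mid) <= tolerance for g in gaps):
            hits.append((src, dst, mid))
    return hits

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE = (
    # Small request roughly every 60 s with a little jitter: heartbeat-like.
    [(1000 + 60 * i + j, "10.0.0.5", "203.0.113.10", 180)
     for i, j in enumerate([0, 1, -1, 2, 0, 1, -2, 0])]
    # Irregular browsing with mixed sizes.
    + [(t, "10.0.0.7", "198.51.100.20", s)
       for t, s in [(1003, 900), (1010, 45000), (1190, 700), (1200, 300), (1900, 800)]]
    # Exactly periodic but large transfers (e.g. a scheduled backup): not flagged.
    + [(1000 + 60 * i, "10.0.0.8", "192.0.2.9", 250000) for i in range(8)]
)

if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE):
        print(f"{src} -> {dst}: ~{gap:.0f}s heartbeat")
```

A match is a lead for investigation rather than a verdict, since legitimate update checkers and monitoring agents also poll on fixed intervals.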

Offline Skhilled

Thanks for the heads up, Ron. :)

