New Trojan Spies on Linux Users by Taking Screenshots and Recording Audio

[frogboy]

Content source

http://news.softpedia.com/news/new-trojan-spies-on-linux-users-by-taking-screenshots-and-recording-audio-499113.shtml

Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screengrabs and record audio.

Discovered four days ago, Linux.Ekocms is only the latest threat targeting Linux PCs, after the Linux.Encoder ransomware family and the Linux XOR DDoS malware had caused a large number of issues last autumn and put a dent in Linux's status as impermeable when it comes to malware infections.

Linux.Ekocms takes a screenshot every 30 seconds
According to Dr.Web, this particular trojan is part of the spyware family and was specially crafted to take a screenshot of the user's desktop every 30 seconds.

In most cases, screenshot files are always saved to the same two folders, but if the folders don't exist, the trojan will create its own when needed.

Full article. New Trojan Spies on Linux Users by Taking Screenshots and Recording Audio

 

[OokamiCreed]

Dr.Web malware specialists have not disclosed how this malware infects Linux computers.

Wish they would disclose such information. After all, I'm not anywhere near as good with Linux like I am with Windows. Last thing I need is a user aided mistake to flick a switch and screw my Manjaro up. Not like it's simple to backup Linux OS (as far as I know).

Despite the presence of an audio recording feature in its codebase, Dr.Web says that this functionality was never active in the trojan's normal operation.

Well some good news at least. Thinking maybe that could be noticeable in many ways. Upload monitoring via Conky, etc would give you a heads up that something is using internet when it shouldn't be. File system would get smaller. If you watch directories were the malware happens to be exporting its audio to, it's another dead giveaway.

 

[LabZero]

According to Dr.Web, this particular trojan is part of the spyware family and was specially crafted to take a screenshot of the user's desktop every 30 seconds.

The danger of this threat is high: the attackers may have access to sensitive information, including credit card details if the screenshot is saved during a online purchase or in the online banking process.

 

[Deleted member 178]

It was expected; since the "win10 hate trend" , more users start to use Linux and of course their lack of knowledge about it is Heaven for malware writers.

 

[frogboy]

It was expected; since the "win10 hate trend" , more users start to use Linux and of course their lack of knowledge about it is Heaven for malware writers.

A very good point right there.

 

[jamescv7]

Linux threats nowadays are indeed deadlier and nastier than the presence on Windows as we all know there are a lot of factors brought the influence which pretty obvious already.