New Linux Trojan Ekocms exposed: screenshots taken every 30 seconds
Dr. Web, a Russian software vendor, recently discovered a new Trojan for the Linux platform, Linux.Ekocms.1. According to the Trojan samples, it can take screenshots and record audio files and send them to a remote server.
Specifically, this Trojan takes a screenshot on the infected computer every 30 seconds and sends it to a remote server. The screenshots are first saved in two identical folders; if these folders do not exist, the Trojan creates them as needed.
If your Linux OS does not have antivirus software installed, you can go directly to the following two folders to check whether you have been infected and your screen has been captured:
- $HOME/$DATA/.mozilla/firefox/profiled
- $HOME/$DATA/.dropbox/DropboxCache
By default, screenshots are saved in JPEG format, and the file name contains the time the screenshot was taken. If the computer cannot save images in this format, the Trojan saves them in BMP format. The files are encrypted and uploaded to the remote server, so it is difficult for third-party tools to reverse-engineer the Trojan's behavior.
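The folder check and the JPEG/BMP detail described above can be scripted. The following is an added example, not code from the article or from Dr. Web. The function names are hypothetical, and the base directory is passed in by the caller because the page does not say what $DATA expands to.

```shell
#!/bin/sh
# Added example (not from the article or Dr. Web): list what sits in the two
# folders the article names and flag files that start like a JPEG or BMP.

# Folder paths relative to a base directory. The base is passed by the caller
# because the page does not say what $DATA expands to (assumption).
EKOCMS_DIRS=".mozilla/firefox/profiled .dropbox/DropboxCache"

# img_kind FILE: print jpeg, bmp or other, judged by the first three bytes.
img_kind() {
    sig=$(od -An -tx1 -N3 "$1" 2>/dev/null | tr -d ' \n')
    case "$sig" in
        ffd8ff) echo jpeg ;;   # JPEG start-of-image marker
        424d*)  echo bmp ;;    # ASCII "BM"
        *)      echo other ;;  # empty files or non-image content
    esac
}

# ekocms_scan BASE: one tab-separated line per finding: "<kind><TAB><path>".
# Kind is "dir" for a folder that exists, else the result of img_kind.
ekocms_scan() {
    for rel in $EKOCMS_DIRS; do
        dir="$1/$rel"
        [ -d "$dir" ] || continue
        printf 'dir\t%s\n' "$dir"
        # Plain and dot-prefixed entries; unmatched globs fail the -f test.
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] || continue
            printf '%s\t%s\n' "$(img_kind "$f")" "$f"
        done
    done
}

# ekocms_count BASE: number of JPEG/BMP files found in the two folders.
ekocms_count() {
    ekocms_scan "$1" | awk -F'\t' '$1 == "jpeg" || $1 == "bmp" { n++ } END { print n + 0 }'
}

# Stand-alone use: sh ekocms_check.sh /path/to/base
if [ "$#" -gt 0 ]; then
    ekocms_scan "$1"
fi
```

Files reported as "other" are still listed, since content in these folders may not carry an image signature. A hit is a reason to run a full antivirus scan, not proof of infection on its own.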
Although audio recording code is present in the Trojan, this function has not been used yet. Since Dr. Web was the first to discover this Trojan, its software can remove it from Linux systems, so infected users can try using that software to clean up their systems. (Via: Softpedia)