New Linux Malware Hides in Cron Jobs with Invalid Dates

Share post:

Security researchers recently discovered a new, clever remote access trojan (RAT) for Linux that almost has an almost invisible profile by hiding in tasks that are supposed to be executed on February 31 – a day that obviously does not exist.

Known as CronRAT, the malware targets web shops and allows attackers to commit credit card data theft by using online scrapers on Linux servers.

CronRAT has problems with the Linux task scheduling system cron, which allows scheduling tasks to be performed on non-existent calendar days such as February 31.

The Linux cron system accepts dates as long as the format is valid, even if the date does not exist – which means that the task is not executed.

The Dutch cyber security firm Sansec reported that the malicious software hides a “sophisticated Bash program” in the name of planned tasks.

“The CronRAT adds tasks to crontab with a peculiar date specification: 52 23 31 2 3. These lines are syntactically valid, but would result in a runtime error when executed. However, this will never take place as they are scheduled to run on February 31st,” the Sansec researchers explain.

With the VirusTotal scan service, 58 antivirus engines did not detect it in the system.

For more information, you may view the original story from TechRepublic.



Related articles

Microsoft to block emails from “Persistently Vulnerable Exchange Servers”

Microsoft has announced a new security feature for Exchange Online that will gradually throttle and eventually block emails...

Pinduoduo removed from Google Play Store after cyberattack

According to security researchers at Lookout, Pinduoduo has been involved in a complex malware attack through its application,...

Twitter source code leaked, demands GitHub reveal who posted it there

New York Times says the code posted on GitHub had been there for months. raising securit

Okta’s login flaw exposes users to attack, says Mitiga

According to Mitiga, Okta's login system contains a simple error that could expose its users to future attacks. Users...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways