New Linux Malware Hides in Cron Jobs with Invalid Dates

Share post:

Security researchers recently discovered a new, clever remote access trojan (RAT) for Linux that almost has an almost invisible profile by hiding in tasks that are supposed to be executed on February 31 – a day that obviously does not exist.

Known as CronRAT, the malware targets web shops and allows attackers to commit credit card data theft by using online scrapers on Linux servers.

CronRAT has problems with the Linux task scheduling system cron, which allows scheduling tasks to be performed on non-existent calendar days such as February 31.

The Linux cron system accepts dates as long as the format is valid, even if the date does not exist – which means that the task is not executed.

The Dutch cyber security firm Sansec reported that the malicious software hides a “sophisticated Bash program” in the name of planned tasks.

“The CronRAT adds tasks to crontab with a peculiar date specification: 52 23 31 2 3. These lines are syntactically valid, but would result in a runtime error when executed. However, this will never take place as they are scheduled to run on February 31st,” the Sansec researchers explain.

With the VirusTotal scan service, 58 antivirus engines did not detect it in the system.

For more information, you may view the original story from TechRepublic.


Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

London Drugs refuses to pay ransom – corporate data is leaked

London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following...

Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more

Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more. Welcome to Cyber Security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways