Based on a Sansec report, Bleeping Computer explains that it is a Remote Access Trojan (RAT) that targets “ online stores and allows attackers to steal payment card data ”.
The malware developers use a new technique to hide: syntactically valid lines for a Cron job (therefore accepted by the system ), “ but which would generate an error during their execution. However, this never happens since it should take place on 31 February ” , a date that does not exist (during leap years, February has only 29 days).
The code, hidden under several layers of compression and encoding, “ includes self-destruct, synchronization commands and a custom protocol that allows communication with a remote server “. In the end, the risk is high since hackers can remotely execute any command on the compromised system.
