HomeTechnologyCronRAT: malware hiding in Cron jobs of… February 31

CronRAT: malware hiding in Cron jobs of… February 31

Based on a Sansec report, Bleeping Computer explains that it is a Remote Access Trojan (RAT) that targets “ online stores and allows attackers to steal payment card data ”.

The malware developers use a new technique to hide: syntactically valid lines for a Cron job (therefore accepted by the system ), “ but which would generate an error during their execution. However, this never happens since it should take place on 31 February ” , a date that does not exist (during leap years, February has only 29 days).

The code, hidden under several layers of compression and encoding, “ includes self-destruct, synchronization commands and a custom protocol that allows communication with a remote server “. In the end, the risk is high since hackers can remotely execute any command on the compromised system.

Subscribe to TheConservativeNut Newsletter.