It is a common belief that Linux and OS X are safer against malicious attacks than Windows. However, this belief is far from the truth – Mac’s Gatekeeper is also prone to exploits, as well as Linux. Just a few days ago, the Russian security firm Dr.Web has discovered a new malicious threat endangering Linux users.
The threat has been dubbed Linux.Ekoms.1 Trojan. This is definitely bad news for Linux. In 2015, we witnessed a ransomware piece targeting Linux (Linux.Encoder.1), and Linux XOR DDoS malware. Now, evidently, Linux is also susceptible to aggressive spyware campaigns.
What Is Specific about Linux.Ekoms.1 Trojan?
As pointed out by the Russian research team, Linux.Ekoms.1 is the latest threat to endanger Linux PC users. Once installed on a victim’s machine, the Trojan is capable of taking screenshots of the desktop every 30 seconds. Needless to say, this behavior is quite aggressive and can endanger the user, particularly his valuable information, in many ways.
Linux.Ekoms.1 can upload the /tmp (temporary) folder to its server and download various files. Once activated, the Linux Trojan will also check for those two files:
If those two files are not found, Linux.Ekoms.1 saves its own copy named as one of the files above on a random basis. Then, the copy is started from a new location. If the whole process is successful, the malware will establish a connection to the server’s addresses which are hard-coded in its body. All data transferred between the server and the malware is encrypted.
Besides the ability to take screenshots of the victim’s desktop every 30 seconds, Linux.Ekoms.1 contains a feature enabling it to record sound. Fortunately, this feature hasn’t been used by cyber criminals.
Linux.Ekoms.1 shouldn’t be underestimated since it gives cyber criminals the ability to collect diverse types of sensitive information from Linux users. Unfortunately, there is still no information on how the malware threat is downloaded to a user’s machine.