Linux.Ekoms.1 Trojan Takes Screenshots and Records Audio - How to, Technology and PC Security Forum | SensorsTechForum.com

Linux.Ekoms.1 Trojan Takes Screenshots and Records Audio

It is a common belief that Linux and OS X are safer against malicious attacks than Windows. However, this belief is far from the truth: Mac’s Gatekeeper is prone to exploits, and so is Linux. Just a few days ago, the Russian security firm Dr.Web discovered a new malicious threat endangering Linux users.

The threat has been dubbed the Linux.Ekoms.1 Trojan. This is definitely bad news for Linux. In 2015, we witnessed a piece of ransomware targeting Linux (Linux.Encoder.1), as well as the Linux XOR DDoS malware. Now, evidently, Linux is also susceptible to aggressive spyware campaigns.

What Is Specific about Linux.Ekoms.1 Trojan?

As pointed out by the Russian research team, Linux.Ekoms.1 is the latest threat to endanger Linux PC users. Once installed on a victim’s machine, the Trojan is capable of taking screenshots of the desktop every 30 seconds. Needless to say, this behavior is quite aggressive and puts the user, and particularly the user's valuable information, at risk in many ways.

Linux.Ekoms.1 can upload the /tmp (temporary) folder to its server and download various files. Once activated, the Linux Trojan will also check for the following two files:

  • $HOME/$DATA/.mozilla/firefox/profiled
  • $HOME/$DATA/.dropbox/DropboxCache

If those two files are not found, Linux.Ekoms.1 saves a copy of itself under one of the two file names above, chosen at random. The copy is then started from the new location. If the whole process is successful, the malware establishes a connection to the server, whose addresses are hard-coded in its body. All data transferred between the server and the malware is encrypted.
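A defender-side check for the two file names listed above, added here as an example and not taken from Dr.Web or from this article's author: it prints every regular file under a given directory whose path ends in one of the two names and whose first bytes are the ELF magic number. The function names are hypothetical; the example assumes the dropped copy is a native ELF binary and, because the page does not define `$DATA`, accepts any directory depth before the suffix.

```shell
#!/bin/sh
# Added example: look for executables stored under the two file names
# the article lists for Linux.Ekoms.1.
# Assumptions: the dropped copy is an ELF binary, and $DATA (not defined
# on the page) may be any number of directories, including none.

# is_elf FILE: succeed if FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# scan_ekoms_paths ROOT: print, one per line, each regular file under ROOT
# whose path ends in one of the two listed names and whose content is ELF.
# Directories and non-ELF files with the same names are ignored.
scan_ekoms_paths() {
    find "$1" -type f \
        \( -path '*/.mozilla/firefox/profiled' \
           -o -path '*/.dropbox/DropboxCache' \) 2>/dev/null |
    while IFS= read -r candidate; do
        if is_elf "$candidate"; then
            printf '%s\n' "$candidate"
        fi
    done
}

# Stand-alone use: pass the directory to scan, e.g. /home (run as root so
# every user's home directory is readable).
if [ "$#" -gt 0 ]; then
    scan_ekoms_paths "$1"
fi
```

A hit is a lead to examine (file hash, owner, timestamps, running processes started from that path), not proof of infection.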

Besides the ability to take screenshots of the victim’s desktop every 30 seconds, Linux.Ekoms.1 contains a feature enabling it to record sound. Fortunately, this feature hasn’t been used by cyber criminals.

Linux.Ekoms.1 shouldn’t be underestimated since it gives cyber criminals the ability to collect diverse types of sensitive information from Linux users. Unfortunately, there is still no information on how the malware threat is downloaded to a user’s machine.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
