Linux.Ekoms.1 Trojan Takes Screenshots and Records Audio

It is a common belief that Linux and OS X are safer against malicious attacks than Windows. However, this belief is far from the truth: Mac’s Gatekeeper is prone to exploits, and so is Linux. Just a few days ago, the Russian security firm Dr.Web discovered a new malicious threat endangering Linux users.

The threat has been dubbed Linux.Ekoms.1 Trojan. This is definitely bad news for Linux. In 2015, we witnessed a ransomware piece targeting Linux (Linux.Encoder.1), and Linux XOR DDoS malware. Now, evidently, Linux is also susceptible to aggressive spyware campaigns.

What Is Specific about Linux.Ekoms.1 Trojan?

As pointed out by the Russian research team, Linux.Ekoms.1 is the latest threat to endanger Linux PC users. Once installed on a victim’s machine, the Trojan is capable of taking screenshots of the desktop every 30 seconds. Needless to say, this behavior is quite aggressive and can endanger the user, and particularly the user’s valuable information, in many ways.

Linux.Ekoms.1 can upload the /tmp (temporary) folder to its server and download various files. Once activated, the Linux Trojan will also check for the following two files:

  • $HOME/$DATA/.mozilla/firefox/profiled
  • $HOME/$DATA/.dropbox/DropboxCache

If those two files are not found, Linux.Ekoms.1 saves a copy of itself under one of the two names above, chosen at random. The copy is then started from the new location. If the whole process is successful, the malware establishes a connection to the server, whose addresses are hard-coded in its body. All data transferred between the server and the malware is encrypted.
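The two file names above can be turned into a quick host check. The script below is an added example, not code from Dr.Web or from this article; it assumes that `$DATA` is an unknown intermediate directory (so it matches on the path suffix) and that a self-copied Trojan would be a regular ELF file. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: search home directories for the two file names the
# article lists as Linux.Ekoms.1 copy locations.
# Assumption: $DATA is an unknown path component, so we match the path
# suffix anywhere under the search root instead of expanding it.

# Path suffixes taken from the article.
EKOMS_SUFFIXES='.mozilla/firefox/profiled
.dropbox/DropboxCache'

# ekoms_scan ROOT [MAXDEPTH]
# Prints "<kind><TAB><path>" for every regular file under ROOT whose
# path ends in one of the suffixes. Directories with a matching name
# are skipped, because the article describes a saved copy of the
# Trojan, i.e. a file. kind is "ELF" when the file starts with the ELF
# magic bytes (assumption: the copy is a native Linux binary).
ekoms_scan() {
    local root="$1" depth="${2:-6}" suffix f magic kind
    [ -d "$root" ] || return 0
    while IFS= read -r suffix; do
        find "$root" -maxdepth "$depth" -type f -path "*/$suffix" 2>/dev/null |
        while IFS= read -r f; do
            magic=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
            if [ "$magic" = "7f454c46" ]; then kind=ELF; else kind=non-ELF; fi
            printf '%s\t%s\n' "$kind" "$f"
        done
    done <<EOF
$EKOMS_SUFFIXES
EOF
}

# ekoms_scan_all_homes
# Runs the scan over every distinct home directory in the passwd database.
ekoms_scan_all_homes() {
    getent passwd | cut -d: -f6 | sort -u | while IFS= read -r home; do
        ekoms_scan "$home"
    done
}

# Only scan the live system when explicitly asked to.
if [ "${1:-}" = "--all-homes" ]; then
    ekoms_scan_all_homes
fi
```

A hit marked `ELF` deserves immediate triage; a `non-ELF` hit still warrants a look, since neither name is expected to be a plain file at these locations under the assumptions stated above.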

Besides the ability to take screenshots of the victim’s desktop every 30 seconds, Linux.Ekoms.1 contains a feature enabling it to record sound. Fortunately, this feature hasn’t been used by cyber criminals.

Linux.Ekoms.1 shouldn’t be underestimated since it gives cyber criminals the ability to collect diverse types of sensitive information from Linux users. Unfortunately, there is still no information on how the malware threat is downloaded to a user’s machine.

Milena Dimitrova
