A recent report released by Doctor Web describes a new Trojan targeting Linux users. The Trojan, named Linux.Ekocms.1, reportedly takes screenshots, downloads files to the compromised machine and helps attackers spy on users.
Linux Trojan
According to the security firm's report, the screenshots taken by this Linux Trojan are saved in JPEG or BMP format with an .sst extension in a temporary folder on the compromised system. Further analysis by the firm shows that the Trojan not only takes screenshots but also records audio, which it saves as a .aat file in WAV format in the same folder.
Other files with extensions such as .ddt and .kkt are also saved in this temporary folder, which indicates that the Trojan collects other content as well.
Once launched, the Linux.Ekocms.1 Trojan checks whether the home directory contains files with specific names. If it fails to find any such file, it saves a copy of itself under one of the above-mentioned extensions, chosen at random.
The Trojan also contacts its command-and-control server at regular intervals and uploads all the screenshots. Trojan operations and file transfers are carried out over an encrypted connection.
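As an added defensive example, not part of Doctor Web's report or of this article: a small Python hunting script that walks a temporary or home directory, flags files carrying the .sst, .aat, .ddt and .kkt extensions the report describes, and checks whether an .sst really holds JPEG/BMP data and an .aat really holds WAV data by sniffing magic bytes instead of trusting the extension. The directory layout, file names and file contents are constructed samples; the ELF header placed in the .kkt sample is an assumption standing in for the self-copy the report mentions.

```python
"""Hunt for Linux.Ekocms.1-style artefacts (per the Dr. Web description):
capture files dropped with .sst/.aat/.ddt/.kkt extensions in temp or home
directories, with content-type verification via magic bytes."""
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Extension -> container formats the report associates with it.
# An empty tuple means the report does not describe the content.
SUSPECT_EXTENSIONS: Dict[str, Tuple[str, ...]] = {
    ".sst": ("jpeg", "bmp"),  # screenshots
    ".aat": ("wav",),         # audio recordings
    ".ddt": (),               # content not described in the report
    ".kkt": (),
}


def sniff_format(head: bytes) -> Optional[str]:
    """Identify JPEG, BMP or WAV from the first 12 bytes, ignoring the extension."""
    if head[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if head[:2] == b"BM":
        return "bmp"
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return "wav"
    return None


def scan_directory(root: str) -> List[dict]:
    """Return one finding per file whose extension matches the report.

    matches_report is True/False when the report tells us what content to
    expect behind the extension, and None when it does not (.ddt, .kkt)."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        if ext not in SUSPECT_EXTENSIONS:
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(12)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        fmt = sniff_format(head)
        expected = SUSPECT_EXTENSIONS[ext]
        findings.append({
            "path": str(path),
            "extension": ext,
            "format": fmt,
            "matches_report": (fmt in expected) if expected else None,
        })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(base: str) -> str:
    """Constructed sample directory (not real malware output) for a dry run."""
    root = Path(base)
    tmp = root / "tmp"
    home = root / "home"
    tmp.mkdir(parents=True, exist_ok=True)
    home.mkdir(parents=True, exist_ok=True)
    (tmp / "cap1.sst").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG-like
    (tmp / "cap2.sst").write_bytes(b"BM" + b"\x00" * 20)                # BMP-like
    (tmp / "rec1.aat").write_bytes(b"RIFF\x24\x00\x00\x00WAVEfmt ")     # WAV-like
    (tmp / "odd.sst").write_bytes(b"not an image at all")               # extension/content mismatch
    # Assumed ELF header: stands in for the Trojan's self-copy the report mentions.
    (home / "x.kkt").write_bytes(b"\x7fELF" + b"\x00" * 8)
    (home / "notes.txt").write_bytes(b"benign")                         # must be ignored
    return str(root)


def run_demo() -> List[dict]:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        return scan_directory(build_sample_tree(d))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On a real host you would point `scan_directory` at `/tmp`, `/var/tmp` and each user's home directory; a .sst that is not JPEG/BMP, or an .aat that is not WAV, is worth a closer look either way, since the extensions alone are not a reliable indicator.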
However, no detailed information has been revealed about how Linux.Ekocms.1 infects Linux PCs, but Dr. Web reports that it is a powerful reconnaissance tool that allows attackers to keep an eye on the websites Linux users visit and the tools they use.
You can learn more about this Trojan via Dr. Web’s report.
A number of security blogs this week have had members posit that it probably results from one or more compromised PPAs; I tend to agree. But that’s not yet to say the entire world of Linux is about to crumble; there are so many derivatives of Ubuntu alone, for example, some of which never rose above obscurity; some current Linux versions have very small user bases and irregular MDM management; some PPAs themselves have just sat around, updated annually or longer. If one doesn’t have extreme IT experience and wants to use Linux, it’s best to start with long term service (LTS) versions, like Mint or Ubuntu or Ubuntu derivatives other than Mint…but even then, for example, Mint’s native package manager contains Blender 2.69 yet current is 2.76b, so one has to hope hackers didn’t compromise 2.69’s PPA, and do homework checking the reputation of third-party PPAs offering the current version of Blender (or anything else). Linux isn’t invulnerable, just vulnerable in ways different from Windows or OSX. Cheers!