A recent report released by Doctor Web has detected a new Trojan for Linux users. The Trojan named as the Linux.Ekocms.1 reportedly takes the screenshots, download different files on the compromised machine and helps the hackers spy on the users.
According to the report released by security firm, the screenshots taken by this Linux Trojan are saved in the JPEG/BMP format with .sst extension in a temporary folder of the compromised system. Further detailed analysis by the security form reports that the Trojan not just takes the screenshots but also record the audio and save it as a .aat file in WAV format in the same folder.
Some other files with extensions like .ddt and .kkt are also saved in this temporary folder, which proves that this Trojan targets other content as well.
Linux.Ekoms.1 Trojan once launched checks whether the home directory contains files with specified names. If the Trojan fails to find any such specified files, it saves its own copy with one of the above mentioned file extensions randomly chosen.
The reported Trojan Linux.Ekocms also use the Command and Control server at regular intervals and upload all the screenshots. The Trojan operations and files transmitted are done via an encrypted connection.
However, there is no detailed information revealed about how LinuxEkkocms.1 infects Linux PCs but Dr. Web reports that it is a powerful reconnaissance tool which allows attackers to keep an eye on websites visited by the Linux users and tools used by them.
You can learn more about this Trojan via Dr. Web’s report.