Researchers have discovered a remote access trojan (RAT) for Linux, called CronRAT, that gives hackers remote access to infected computers. It masks its harmful actions by scheduling them to run on February 31, a date that does not exist in any calendar.
“CronRAT has the ability to allow Magecarts to steal data from your PC by bypassing browser security,” according to Sansec Threat Research. The Dutch cybersecurity company said it had found malicious code on several online stores, including one of the country’s largest.
The standout feature of CronRAT is its ability to leverage the UNIX cron scheduler utility to mask its actions by creating a task that is programmed to execute on February 31st. This not only allows the malware to evade detection by security software, but also allows it to launch a series of commands that enable attacks and can cause Linux eCommerce servers to crash.
The researchers explain: “CronRAT adds some tasks to crontab and has them scheduled with a date and time on a rather special command: 52 23 31 2 3. Let’s change this to the real time and it will be Wednesday, February 31 at 23:52. These lines are syntactically valid, but will generate a runtime error when executed. However, this will never happen as they are scheduled to run on February 31st.”
CronRAT also has the ability to hide itself from virus scanning software and firewalls. For example, it places its malicious code behind barriers and implements a modified binary protocol to bypass firewalls and packet inspectors before connecting and waiting for commands from the server.
CronRAT is equipped with backdoor access, which makes it possible for hackers to send commands to the infected computer at any time.
Brothers who use Linux, remember to be careful not to get caught by CronRAT, which will expose all personal data! Leave a comment below to let me know what you think about this February 31 malware!