Linux Trojan Takes Screenshots And Captures Audio

Security researchers have found a new Linux Trojan capable of taking screenshots of infected systems and even recording sound.

Russian anti-virus firm Dr Web says that once the ‘Linux.Ekoms.1’ malware is launched it checks for two specific files – one related to Dropbox and another related to Firefox. If it finds neither of the files, it makes a copy of itself and launches from a new directory.

“If the launch is successful, Linux.Ekoms.1 connects to the server whose addresses are hard-coded in its body,” said the company. “All information transmitted between the server and Linux.Ekoms.1 is encrypted. The encryption is initially performed using the public key; and the decryption is executed by implementing the RSA_public_decrypt function to the received data.


“Every 30 seconds the service takes a screenshot and saves it to a temporal folder in the JPEG format with a name in the ss%d-%s.sst format, where %s is a timestamp. If the file is not saved, the Trojan tries to save it in the BMP format.”

The ability to take screenshots could allow malicious attackers to steal sensitive corporate information and pose privacy risks to consumers. The Trojan is also capable of audio capture, but the researchers said they had seen no evidence of this action being taken.

“Along with the ability of screenshot taking, the Trojan has the AbAudioCapture special class to record sound and save it with the name of aa-%d-%s.aat in the WAV format. However, in fact, this feature is not used anywhere,” they said.
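A hunting sketch for the file names quoted above, added here as an example and not taken from Dr Web's analysis: it walks a directory for names matching ss%d-%s.sst and aa-%d-%s.aat and checks whether the content really is JPEG, BMP or WAV. The reading of %d as a decimal counter, the epoch-style timestamps, the default scan root and the sample files are assumptions.

```python
import os
import re
import tempfile

# Name patterns quoted in the article: ss%d-%s.sst (screenshots) and
# aa-%d-%s.aat (audio). Assumption: %d is a decimal counter and %s is a
# timestamp string containing no path separators.
PATTERNS = {
    "screenshot": re.compile(r"^ss\d+-[^/\\]+\.sst$"),
    "audio": re.compile(r"^aa-\d+-[^/\\]+\.aat$"),
}

def sniff_format(head: bytes) -> str:
    """Identify the formats the article names (JPEG, BMP, WAV) by magic bytes."""
    if head.startswith(b"\xff\xd8\xff"):
        return "JPEG"
    if head.startswith(b"BM"):
        return "BMP"
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return "WAV"
    return "unknown"

def hunt(root):
    """Return sorted (path, kind, format) tuples for files matching the naming scheme."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            for kind, rx in PATTERNS.items():
                if rx.match(name):
                    path = os.path.join(dirpath, name)
                    try:
                        with open(path, "rb") as fh:
                            head = fh.read(12)
                    except OSError:
                        head = b""  # unreadable file: still report the name match
                    hits.append((path, kind, sniff_format(head)))
    return sorted(hits)

def make_sample(root):
    """Write constructed sample files (not real malware output) for a dry run."""
    samples = {
        "ss1-1453200000.sst": b"\xff\xd8\xff\xe0" + b"\0" * 8,
        "ss2-1453200030.sst": b"BM" + b"\0" * 10,
        "aa-1-1453200000.aat": b"RIFF\0\0\0\0WAVE",
        "notes.txt": b"benign",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    # Assumption: the system temp directory is a reasonable place to start looking.
    for hit in hunt(tempfile.gettempdir()):
        print(*hit, sep="\t")
```

A name match whose content sniffs as an image or WAV is the stronger signal; a name match alone is worth a look but can be coincidental.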

Jim Zemlin, executive director of the Linux Foundation, has said that security issues are threatening a “global age of open source”. The Foundation is spearheading a number of initiatives to improve matters following the discovery of the Heartbleed, Poodle and Shellshock vulnerabilities, with financial support from major names in the technology industry.

However, experts say malware is becoming an increasing problem for Linux users.

“Malware is becoming a more frequent occurrence on machines running Linux,” said security expert Graham Cluley. “It’s not at all unusual to find Linux servers that have been hijacked into botnets, and recently ransomware has begun to rear its ugly head on the platform.”


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
