Linux Trojan Takes Screenshots And Captures Audio

Security researchers have found a new Linux Trojan capable of taking screenshots of infected systems and even recording sound.

Russian anti-virus firm Dr Web says that once the  ‘Linux.Ekoms.1’ malware is launched it checks for two specific files – one related to Dropbox and another related to Firefox. If it finds neither of the files, it makes a copy of itself and launches from a new directory.

“If the launch is successful, Linux.Ekoms.1 connects to the server whose addresses are hard-coded in its body,” said the company. “All information transmitted between the server and Linux.Ekoms.1 is encrypted. The encryption is initially performed using the public key; and the decryption is executed by implementing the RSA_public_decrypt function to the received data.

Linux Trojan

“Every 30 seconds the service takes a screenshot and saves it to a temporal folder in the JPEG format with a name in the ss%d-%s.sst format, where %s is a timestamp. If the file is not saved, the Trojan tries to save it in the BMP format.”

The ability to take screenshots could allow malicious attackers to steal sensitive corporate information and pose privacy risks to consumers. The Trojan is also capable of audio capture, but the researchers said they had seen no evidence of this action being taken.

“Along with the ability of screenshot taking, the Trojan has the AbAudioCapture special class to record sound and save it with the name of aa-%d-%s.aat in the WAV format. However, in fact, this feature is not used anywhere,” they said.

Jim Zemlin, executive director of the Linux Foundation, has said that security issues are threating a “global age of open source”. The Foundation is spearheading a number of initiatives to improve matters following the discovery of the Heartbleed, Poodle and Shellshock vulnerabilities, with financial support from major names in the technology industry.

However, experts say malware is becoming an increasing problem for Linux users.

“Malware is become a more frequent occurrence on machines running Linux,” said security expert Graham Cluely. “It’s not at all unusual to find Linux servers that have been hijacked into botnets, and recently ransomware has begun to rear its ugly head on the platform.”

What do you know about Linux? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

7 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

8 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

8 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

9 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

9 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

10 hours ago