Stealthy Malware Hiding Behind An Invalid Date

Security researchers at e-commerce security firm Sansec have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent date, February 31.

This new malware, dubbed CronRAT, hides in scheduled tasks on Linux servers by being set for execution on a date that doesn't exist.

A highly sophisticated malware targeting online stores, CronRAT is undetected by many antivirus engines.

Discovered and named by e-commerce security specialist Sansec, CronRAT is part of a growing trend in Linux server-focused Magecart malware. CronRAT is used to enable server-side Magecart data theft. The malware goes undetected by most antivirus vendors, and Sansec reconfigured its detection engine to spot it after receiving samples and working out how it operates. “Digital skimming is moving from the browser to the server and this is yet another example. Most online stores have only implemented browser-based defenses, and criminals capitalise on the unprotected back-end. Security professionals should really consider the full attack surface,” commented Sansec Director of Threat Research, Willem de Groot.

The name CronRAT is a reference to the Linux cron tool, which allows admins to schedule jobs on a Linux system to run at a specific time of day or on a regular day of the week.

According to Sansec, CronRAT can hide itself in the calendar subsystem of Linux servers ("cron") on a non-existent day, enabling it to avoid attention from server administrators, as many security products do not scan the Linux cron system. The malware drops a "sophisticated Bash program that features self-destruction, timing modulation and a custom binary protocol to communicate with a foreign control server," says Sansec.
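Because the hiding place is the schedule itself, a defender can audit for it directly. The following is an added example (not code from Sansec or from the original article) that parses crontab text and flags entries whose day-of-month and month fields can never match a real calendar date, such as February 31. The sample crontab is constructed, and only numeric fields are handled.

```python
# Longest possible length of each month (February is 29 in a leap year).
MAX_DAY = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
           7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}


def expand(field, lo, hi):
    """Expand a numeric cron field ('*', lists, ranges, steps) into a set."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        else:
            a, _, b = rng.partition("-")
            start, end = int(a), int(b or a)
        values.update(range(start, end + 1, int(step or 1)))
    return {v for v in values if lo <= v <= hi}


def impossible_date(line):
    """True if the day-of-month and month fields name no real calendar date."""
    fields = line.split()
    if len(fields) < 6 or fields[0].startswith(("#", "@")):
        return False  # comment, variable assignment or @reboot-style entry
    try:
        days, months = expand(fields[2], 1, 31), expand(fields[3], 1, 12)
    except ValueError:
        return False  # month names etc. are outside this example's scope
    # A restricted day-of-week can still fire the job: a hit means "review".
    return bool(days and months) and all(min(days) > MAX_DAY[m] for m in months)


def scan(crontab_text):
    """Return (line_number, entry) for each schedule that matches no date."""
    lines = enumerate(crontab_text.splitlines(), 1)
    return [(n, l.strip()) for n, l in lines if impossible_date(l)]


# Constructed sample crontab, not taken from a CronRAT infection.
SAMPLE = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
15 2 29 2 * /usr/local/bin/leap-day-report.sh
30 4 31 2 * /usr/bin/true
0 0 30,31 2,4 * /usr/bin/true
0 0 31 2,4-6/2 * /usr/bin/true
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Run it over every user's crontab and the system cron directories, not just root's, since the article notes that many security products do not inspect cron at all.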

It certainly looks like Magecart payment card skimmers are going to be a long-term problem for e-commerce system operators.

Sources: Sansec, Bleeping Computer, Oodaloop, ZDNet, Cybersecurity-Review
