Stealthy Malware Hiding Behind An Invalid Date

Uploaded on 2021-12-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Security researchers at e-Commerce specialist security firm Sansec have discovered a new remote access trojan (RAT) for Linux, that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day on February 31.

This new malware, dubbed CronRAT, hides in scheduled tasks on Linux servers by being set for execution, on the date that doesn't exist. 

A highly sophisticated malware targeting online stores, CronRAT is undetected by many antivirus engines.

Discovered and named by e-commerce security specialist Sansec, CronRAT is part of a growing trend in Linux server-focused Magecart malware. CronRAT is used to enable server-side Magecart data theft. The malware goes  undetected by most antivirus vendors and Sansec first reconfigured its detection engine to spot the malware after receiving samples of it to discover how it works. “Digital skimming is moving from the browser to the server and this is yet another example. Most online stores have only implemented browser-based defenses, and criminals capitalise on the unprotected back-end. Security professionals should really consider the full attack surface,” commented Sansec Director of Threat Research, Willem de Groot.

The name CronRAT is a reference to the Linux cron tool that allows admins to create scheduled jobs on a Linux system to occur on a specific time of day or a regular day of the week.   

According to Sansec, CronRAT's can hide itself in the calendar subsystem of Linux servers ("cron") on a non-existent day, enabling it to avoid attention from server administrators, as many security products do not scan the Linux cron system.  The malware drops a "sophisticated Bash program that features self-destruction, timing modulation and a custom binary protocol to communicate with a foreign control server," says Sansec.

It certainly looks like Magecart payment card card skimmers are going to be a long-term problem for e-commerce system operators.  

Sansec:       Bleeping Computer:       Oodaloop:       ZDNet:        Cybersecurity-Review

You Might Also Read: 

Old Magecart Domains Come Back To Life

 

« Protecting Your E-Commerce Business Against Ransomware Attacks
The Pentagon Needs To Change How It Does AI »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

SC Media

SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

Tymlez Software & Consulting

Tymlez Software & Consulting

Tymlez Software and Consulting is a start-up specialised in blockchain technology for enterprises.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.

Cyberhill Partners

Cyberhill Partners

Cyberhill is a professional engineering services firm solving complex software implementation and integration challenges.