New Linux malware hides in cron jobs with invalid dates
www.bleepingcomputer.com
Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st.
  • @dragnucs@lemmy.ml
    02 years ago

    They say that since the taskcis scheduled for February 31st it never gets executed. But how does it get executed?

    • CHEF-KOCHOP
      12 years ago

      I am also not entirely sure but it gets remotely executed.

      From https://sansec.io/research/cronrat

      Not all parts are disclosed to testing, this is not possible with the given code.

      If you block the remote IP that should already enough to prevent it from starting even if you are infected. I try to contact Bleeping asking them to fill all gaps and release a range of all IPs.