Another day, another malware. This time it is CrossRAT, which targets Linux, macOS and Windows devices without being detected by anti-virus software.
Almost a week ago, the IT security researchers at OutLook, along with the civil rights group Electronic Frontier Foundation (EFF), exposed a highly sophisticated cyber espionage campaign operated by Dark Caracal hackers from Lebanon, in which the group used Android malware against journalists and government officials in 21 countries.
In their findings, the researchers also highlighted the presence of another dangerous malware called CrossRAT, written in the Java programming language, which they believe was developed by Dark Caracal to target OSX, Linux, and Windows-based devices.
The malware is capable of evading anti-virus software, manipulating the file system of a targeted device, taking screenshots, running arbitrary DLLs for secondary infection on Windows, and gaining persistence on the infected system.
Now Patrick Wardle, a security researcher and ex-NSA hacker, has published a detailed report on CrossRAT. According to the report, once it has infected a computer, the malware performs a thorough scan of the machine. It can identify the kernel, the most basic layer that integrates the system with the hardware, and the type of architecture. The purpose is to carry out an installation specific to each system.
CrossRAT is so sophisticated that it can rummage through Linux systemd to identify the distribution of the system (including Arch Linux, CentOS, Debian, Kali Linux, Fedora, etc.). In addition, CrossRAT has a built-in keylogger, software that records what is typed on the computer and sends it to the command and control center (C&C). However, Wardle did not find a way to activate the latter tool.