
Linux Trojan That Takes Screenshots and Records Audio Has a Windows Brother

Discussion in 'Apple, Linux & Unix Security Alerts/News' started by Rich M, Jan 30, 2016.

  1. Rich M

    Linux Trojan That Takes Screenshots and Records Audio Has a Windows Brother
    A Mac OS X version is also theoretically possible
    Jan 29, 2016 17:40 GMT · By Catalin Cimpanu
    The Linux trojan that spied on users by taking screenshots of their desktop now has a Windows variant, as Kaspersky's security team has found out.

    The trojan, first discovered by Dr.Web and named Linux.Ekocms, later also identified by Sophos as Linux/Mokes-A, and then by Kaspersky as Backdoor.Linux.Mokes.a, has caused a stir in the Linux community because it was one of the first spyware threats detected in the wild on the platform.

    However, things weren't as bad as initially thought. Mokes (we'll use this name to describe the trojan) only had the screenshotting ability enabled in the version that Dr.Web discovered.

    The keylogger and the audio recording features were dormant, and Kaspersky's analysis released today confirms this.

    The bad part is that the Kaspersky researchers also discovered a Windows variant of this trojan, which did have the keylogger component enabled.

    The Windows version is similar to the Linux variant but more powerful
    Under the hood, the trojan worked very much the same way its Linux counterpart did. It used a list of predefined folders where it would install itself, sent small heartbeat requests to its C&C server every minute, and stored recorded data locally, which it would later upload online when the C&C server requested it.

    There were some modifications to the trojan's makeup, because of differences between the Linux and Windows platforms, but they were insignificant.

    Besides the extra keylogging feature that made the Mokes Windows variant stand out, there was another thing: the presence of a stolen digital certificate issued by Comodo.

    Mokes was using this certificate to fool the Windows OS into thinking it was a legitimate application from a known software source.

    Additionally, the trojan was coded in C++ and Qt, a cross-platform application framework that supports all three major operating systems. Theoretically, this would mean that a Mac OS X version is also feasible.
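    The article notes that both variants send a small heartbeat to their C&C server every minute and store captures locally until the server asks for them. That fixed-interval, low-volume traffic is the observable a defender can hunt for in outbound proxy or firewall logs without knowing the sample's hash or the stolen certificate. The script below is an added example written for this thread, not code from the article, Kaspersky or Dr.Web: it parses a constructed, simplified log format (timestamp, source IP, destination host, bytes) and flags source/destination pairs whose small requests recur at a near-constant interval. The log lines, hostnames and thresholds are all invented for illustration.

```python
"""Beacon-interval detector (added example, not from the article or the forum post).

Mokes, as described above, sends a small heartbeat to its C&C every minute.
Fixed-interval traffic to one destination is the observable a defender can
hunt for in outbound proxy or firewall logs, regardless of the sample's hash.
The log format and the sample lines below are constructed for illustration.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <src_ip> <dst_host> <bytes>"
# 10.0.0.5 hits update.example-cdn.net (an invented host) every ~60 s with a
# tiny payload, mixed in with ordinary larger web traffic from two hosts.
SAMPLE_LOG = """\
2016-01-29T10:00:00 10.0.0.5 update.example-cdn.net 412
2016-01-29T10:00:07 10.0.0.5 www.example.org 18233
2016-01-29T10:01:00 10.0.0.5 update.example-cdn.net 410
2016-01-29T10:01:33 10.0.0.5 www.example.org 9921
2016-01-29T10:02:01 10.0.0.5 update.example-cdn.net 415
2016-01-29T10:03:00 10.0.0.5 update.example-cdn.net 411
2016-01-29T10:04:00 10.0.0.5 update.example-cdn.net 413
2016-01-29T10:05:00 10.0.0.5 update.example-cdn.net 409
2016-01-29T10:00:30 10.0.0.7 www.example.org 5120
2016-01-29T10:02:10 10.0.0.7 www.example.org 7710
2016-01-29T10:07:45 10.0.0.7 www.example.org 3300
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes) tuples from the constructed format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(text, min_hits=5, max_jitter=0.1, max_bytes=2048):
    """Return {(src, dst): mean_interval_seconds} for pairs whose small
    requests recur at a near-constant interval.

    min_hits:   minimum number of requests before the pattern is judged
    max_jitter: allowed coefficient of variation (stdev / mean) of the gaps;
                a one-minute timer with a second or two of drift stays far below it
    max_bytes:  heartbeats are small, so bulk transfers are ignored up front
    """
    times = defaultdict(list)
    for ts, src, dst, nbytes in parse_log(text):
        if nbytes <= max_bytes:
            times[(src, dst)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            beacons[key] = mean
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: ~{interval:.0f}s interval, possible beacon")
```

Run against the constructed log it reports only 10.0.0.5 talking to update.example-cdn.net at a 60-second cadence; the larger browsing requests are filtered by size and the other host never reaches the hit threshold. Legitimate software (update checkers, monitoring agents) beacons too, so treat a hit as a lead to pivot on, by destination reputation and by what process on the endpoint owns the connection, rather than as a verdict.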

  2. Kenny94

    And goes dormant as well! I said this many times.... Why don't these guys do something interesting, like piranha swimming, to get their kicks? It's amazing how these “malware” programs are released.
