Dr. Web Discovers a New Trojan for Linux!

Users generally think that OS X and Linux are safe from malicious attacks compared to Windows. But this belief is totally wrong. OS X topped the list for the most vulnerabilities in 2015, and its Gatekeeper is also vulnerable. As for Linux, Dr. Web (a Russian security firm) found a new Trojan dubbed “Linux.Ekoms.1”, which targets users by taking screenshots of their systems every 30 seconds. This is bad news for Linux users. Linux was also targeted by ransomware called “Linux.Encoder” in October 2015.

Dr. Web said that the Linux.Ekoms.1 Trojan is a different type of danger for Linux users. Once it gains entry to a user's system, it can harm the user in many ways. The Trojan is capable of taking a screenshot of the victim's computer every 30 seconds and can save these screenshots in JPEG or BMP format on the remote server with the extension “.sst”. It can also record the system's sound and save it in WAV format with the extension “.aat”.

The Trojan checks the temporary files folder for its files, because it is capable of downloading and uploading files between this folder and the remote server. The address of the remote server is hardcoded in the Trojan. After activation, the Trojan mainly searches for two files: “$HOME/$DATA/.dropbox/DropboxCache” and “$HOME/$DATA/.mozilla/firefox/profiled”.

If the Trojan does not find these two files, it saves new files of its own under a new name in the temporary folder. These files establish the connection between the Trojan and the remote server, which controls “Linux.Ekoms.1”. All the information the Trojan sends to the server is encrypted. The Trojan has a number of features that are dangerous for the user. It can enable and disable a number of services on the user's system automatically. It sends screenshots of the victim's system to the remote server, and by analysing these screenshots attackers can steal the user's sensitive information.

There is no information about how this Trojan gets onto a Linux user's system. But it should not be underestimated: it is a big danger for Linux users, because it has many features that can steal the user's sensitive information.
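The file names and extensions reported above can be turned into a quick host check. The script below is an added example, not Dr. Web's tooling or code from the original article. It assumes that “$DATA” in the reported paths is an unknown intermediate directory and that the “.sst” and “.aat” captures are staged in the temporary folder before upload. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Dr. Web's tooling): sweep for the file-system traces
# this article attributes to Linux.Ekoms.1.
# Assumptions: "$DATA" in the reported paths is treated as an unknown
# intermediate directory, and .sst/.aat captures are assumed to be staged in
# the temporary folder before upload.

# tag_lines KIND: prefix each path read from stdin with "KIND<TAB>".
tag_lines() {
    while IFS= read -r _path; do
        printf '%s\t%s\n' "$1" "$_path"
    done
}

# ekoms_sweep HOME_DIR TMP_DIR
# Prints one "KIND<TAB>PATH" line per hit. Returns 1 on any hit, 0 if clean.
ekoms_sweep() {
    _hits=$(
        # The two files the Trojan searches for after activation.
        find "$1" -xdev -type f \
            \( -path '*/.dropbox/DropboxCache' \
               -o -path '*/.mozilla/firefox/profiled' \) \
            -print 2>/dev/null | tag_lines marker-file
        # Screenshot (.sst) and audio (.aat) captures in the temp folder.
        find "$2" -xdev -type f \( -name '*.sst' -o -name '*.aat' \) \
            -print 2>/dev/null | tag_lines staged-capture
    )
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# Usage on a live host: ekoms_sweep "$HOME" "${TMPDIR:-/tmp}"
```

A hit is a lead for triage rather than proof of infection, since other software may use the same file names or extensions.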