CronRAT Malware Takes Skimming from the Browser to the Server



What Is CronRAT?


CronRAT is a new, sophisticated remote access trojan (RAT), discovered just before this year’s Black Friday. The malware is packed with previously unseen stealth capabilities. It hides in the Linux calendar system on a particular, non-existent date, February 31st. Apparently, no security vendors recognize CronRAT, meaning that it will probably stay undetected on critical infrastructure for months.

What is CronRAT’s purpose?


The malware enables a server-side Magecart skimmer, thus circumventing browser-based security protection mechanisms.


The RAT was uncovered by Sansec researchers, who say that it is “present on multiple online stores,” including a large outlet. It is noteworthy that, because of the malware’s novel infrastructure, the firm had to rewrite one of its algorithms in order to detect it.


CronRAT Campaign Details


A new piece of data-stealing, skimming malware is somewhat expected right before Black Friday and the winter holidays. This time of the year is usually “packed” with attacks against eCommerce businesses.


Currently, the RAT is present on several online stores, one of which is quite large. The malware is successfully hiding in the calendar subsystem of Linux servers (called “cron”) on a nonexistent day. Thanks to this clever trick, its operators will attract zero attention from server admins. Not to mention that most security products are not meant to scan the Linux cron system.


“CronRAT facilitates persistent control over an eCommerce server. Sansec has studied several cases where the presence of CronRAT lead to t ..
