General 1min de Leitura - 26 de August de 2020

CrossRat: Discover the new threat that affects several operating systems

Teclado de notebook com teclas iluminadas

This post is also available in: Português English Español

In the last week, a new threat has been testing the digital security world. CrossRat, as it was named, is malware built in Java and developed by the Lebanese group Dark Caracal, already known to have spread other malicious programs over the internet.

According to information from The Hacker News website, CrossRat can infect Windows, Linux and MacOS devices, giving hackers permission to access the device’s kernel. In this way, you can install the malware according to the operating system settings used.

When installed, it enables cybercriminals to issue certain commands and thus perform specific activities. Among them, it is possible to run programs and take screenshots, which facilitates the main purpose of the spying program: stealing personal data from the victim.

Through social engineering, the practice of conversation and induction used in social media, malware can spread through the internet. Publications with malicious URLs, usually posted on Facebook and WhatsApp, enable malicious program infection.

How to identify the malware? *

In Windows:

  • Scan the registry key at ‘HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \’.
  • If infected, there will be a command that includes java, -java, and mediamgrs.jar.

In MacOS:

  • Check the files java, jar, in ~/Library.
  • Also search for mediamgrs.plist. in /Library /LaunchAgents o ~/Library /LaunchAgents

In Linux:

  • Check the Java file, mediamgrs.jar, in / usr / var.
  • Also look for an ‘autostart’ file in ~/.config/autostart probably called mediamgrs.desktop.

How to be protected?

CrossRAT has a high infection rate on computers, especially those with Windows or Linux operating systems instaled – because they have Java software preinstalled, which is the basis of CrossRat malware.

However, many antiviruses are already able to detect the threat, including AVG, Avast and Karspersky – some of the most popular. Therefore, having basic anti-virus software is essential to identify the threat and, consequently, eliminate it.

But more than that, it’s important to avoid opening any suspicious links, be they sent by emails, instant messaging applications or social networks. We point out that even messages sent by close friends should be considered suspicious. When it comes to digital security, care must be large and specific.

*Information from The Hacker News.

This post is also available in: Português English Español