CrossRat: Discover the new threat that affects several operating systems - OSTEC

This post is also available in: Português English Español

In the last week, a new threat has been testing the digital security world. CrossRat, as it was named, is malware built in Java and developed by the Lebanese group Dark Caracal, already known to have spread other malicious programs over the internet.

According to information from The Hacker News website, CrossRat can infect Windows, Linux and MacOS devices, giving hackers permission to access the device’s kernel. In this way, you can install the malware according to the operating system settings used.

When installed, it enables cybercriminals to issue certain commands and thus perform specific activities. Among them, it is possible to run programs and take screenshots, which facilitates the main purpose of the spying program: stealing personal data from the victim.

Through social engineering, the practice of conversation and induction used in social media, malware can spread through the internet. Publications with malicious URLs, usually posted on Facebook and WhatsApp, enable malicious program infection.

How to identify the malware? *

In Windows:

Scan the registry key at ‘HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \’.
If infected, there will be a command that includes java, -java, and mediamgrs.jar.

In MacOS:

Check the files java, jar, in ~/Library.
Also search for mediamgrs.plist. in /Library /LaunchAgents o ~/Library /LaunchAgents

In Linux:

Check the Java file, mediamgrs.jar, in / usr / var.
Also look for an ‘autostart’ file in ~/.config/autostart probably called mediamgrs.desktop.

How to be protected?

CrossRAT has a high infection rate on computers, especially those with Windows or Linux operating systems instaled – because they have Java software preinstalled, which is the basis of CrossRat malware.

However, many antiviruses are already able to detect the threat, including AVG, Avast and Karspersky – some of the most popular. Therefore, having basic anti-virus software is essential to identify the threat and, consequently, eliminate it.

But more than that, it’s important to avoid opening any suspicious links, be they sent by emails, instant messaging applications or social networks. We point out that even messages sent by close friends should be considered suspicious. When it comes to digital security, care must be large and specific.

*Information from The Hacker News.

This post is also available in: Português English Español

Diagnóstico que avalia a nível de conformidade com a Lei Geral de Proteção de Dados

Fazer diagnóstico

Ebooks 5 Dicas para evitar sequestro de dados

Nossas 5 dicas fundamentais para evitar sequestro de dados

Baixar eBook

Ebooks 10 dicas essenciais para aquisição de firewalls

Conheça os principais tópicos a serem considerados na aquisição de um firewall.

Baixar eBook

Ebooks Guia Lei Geral de Proteção de Dados

Documento completo para ambientalização à Lei Geral de Proteção de Dados

Baixar eBook

How to identify the malware? *

In Windows:

In MacOS:

In Linux:

How to be protected?

Corporate firewall: Understand the real importance to your business

Data backup: understand the types and characteristics

Cadastre-se em nossa newsletter