Slashdot Mirror


New Linux Trojan Can Spy on Users by Taking Screenshots and Recording Audio (drweb.com)

An anonymous reader writes: Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users: the Linux.Ekoms.1 trojan. It includes functionality that allows it to take screenshots and record audio. While the screenshot activity is working just fine, Dr.Web says the trojan's audio recording feature has not been turned on, despite being included in the malware's source code. "All information transmitted between the server and Linux.Ekoms.1 is encrypted. The encryption is initially performed using the public key; and the decryption is executed by implementing the RSA_public_decrypt function to the received data. The Trojan exchanges data with the server using AbNetworkMessage."

12 of 130 comments

  1. And it's easy to get infected without realizing it by rossz · Score: 4, Funny

    Simply download the package and run these steps:

    1. tar xzf trojan.tar.gz
    2. cd trojan
    3. ./configure
    4. make
    5. sudo make install

    --
    -- Will program for bandwidth
  2. back in the old days by Anonymous Coward · Score: 5, Funny

    Linux didn't support my laptop's webcam.

    1. Re: back in the old days by Anonymous Coward · Score: 3, Funny

      That's a common misconception about systemd: just run `systemctl stop malwared` and you'll be all sorted.

  3. Re:And it's easy to get infected without realizing by code_monkey_steve · Score: 5, Funny

    Simply download the package and run these steps:

    It doesn't build with my version of libc. Is there a wiki or forum, or something?

  4. haha by ouachiski · Score: 4, Funny

    Joke's on them, my headless Linux box doesn't have a microphone. I will go back to playing my xbox1 on my Samsung tv while asking Siri for game pointers...

    --
    sorry for my comments, I'm drunk
  5. Re:Stupid users by greenfruitsalad · Score: 4, Funny

    but why did they make a new name for it? "teamviewer" is much easier to remember.

  6. Every cloud by melonman · Score: 5, Funny

    Wait, so someone has found a way to make audio work reliably across Linux distros? Does this make 2016 the Year of the Linux Desktop?

    --
    Virtually serving coffee
  7. Malware's source code by Rik Sweeney · Score: 4, Funny

    Well of course the source code is provided, no Linux user is going to install something without first knowing what it does!

  8. Where can I submit a bug report? by Lumpy · Score: 3, Funny

    This trojan doesn't work with pulseaudio..... well technically NOTHING works with pulseaudio.

    So I want them to write and push out a patch so it will work with not just ALSA but the other 657 different audio interface APIs.

    --
    Do not look at laser with remaining good eye.
  9. Re: And it's easy to get infected without realizin by Anonymous Coward · Score: 5, Funny

    I don't think it runs on anything except a 5-year-old Ubuntu with default setup and you need to kill pulseaudio + make sure your microphone is alsa device 0:1 for the experimental recording function. Also try disabling compositing, if your screenshots only show the desktop background.

    You might have to create the certs for the encrypted uploads manually if the system isn't getting enough entropy fast enough or the Trojan will assume that the connection timed out and go into an endless loop.

    Just run the Windows version with wine until the devs get their shit together!

  10. Re: oh noes by Anne Thwacks · Score: 3, Funny

    Fortunately Windows PCs are not compromised until Windows is installed.

    Oh, Wait ...

    --
    Sent from my ASR33 using ASCII
  11. Re:shocked, shocked i say! by thegarbz · Score: 4, Funny

    I tried to restart Gnome Shell... and I started getting audio in a foreign language of people speaking.

    You fool. We finally found someone who was able to get remote audio working on Linux and you hung up on them!