New Linux Trojan Can Spy on Users by Taking Screenshots and Recording Audio

An anonymous reader writes: Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users: the Linux.Ekoms.1 trojan. It includes functionality that allows it to take screenshots and record audio. While the screenshot activity is working just fine, Dr.Web says the trojan's audio recording feature has not been turned on, despite being included in the malware's source code. "All information transmitted between the server and Linux.Ekoms.1 is encrypted. The encryption is initially performed using the public key; and the decryption is executed by implementing the RSA_public_decrypt function to the received data. The Trojan exchanges data with the server using AbNetworkMessage."

shocked, shocked i say!

[Gravis+Zero]

Dr.Web malware specialists have not disclosed how this malware infects Linux computers.

But they are willing to sell you their Linux antivirus software.

From what I've gathered, it's written in C++, uses Qt 5.4 or higher (that's when the enumeration value QStandardPaths::GenericDataLocation was added to Qt) and it's not self-propagating.

So basically, it's a program that has to be installed on your computer... maybe from a compromised package repo server.