Linux trojan takes screenshots and records audio
Researchers at the Russian anti-virus company Doctor Web have discovered a trojan for Linux that periodically takes screenshots and downloads files from an infected machine. The trojan can also record audio through a connected microphone.
The anti-virus company calls the trojan Ekoms. The malware takes a screenshot every thirty seconds and saves it in JPEG format in a temporary directory. If the file cannot be saved, the trojan tries to save it in BMP format instead. This temporary directory is then uploaded to a remote server over a secure connection. The trojan also searches for certain files in the home directory. If it does not find them, the trojan itself chooses a subdirectory to store itself in.
Besides taking screenshots, the trojan also contains code to record sound and save it as a .aat file in WAV format. According to Doctor Web, this is not used for anything else.
The malware looks for the files “$HOME/.local/share/.mozilla/firefox/profiled” and “$HOME/.local/share/.dropbox/DropboxCache”. If either of those files is not found, the trojan creates it itself. The antivirus company does not report how the trojan spreads or how many systems are infected with the malware.
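The two paths above can be checked for on a Linux host. The following shell functions are an added example, not code from Doctor Web or the original article; the function and variable names are hypothetical, and a hit is a lead for triage rather than proof of infection.

```shell
#!/bin/sh
# Added example: checks home directories for the two paths the article
# attributes to Ekoms. Function and variable names are hypothetical.

# Paths relative to a home directory, exactly as quoted in the article.
EKOMS_PATHS='.local/share/.mozilla/firefox/profiled
.local/share/.dropbox/DropboxCache'

# ekoms_check_home HOME_DIR
# Prints a FOUND line plus "ls -ld" details (owner, size, mtime) for each
# indicator path present under HOME_DIR. Returns 0 if any exist, else 1.
ekoms_check_home() {
    home=$1
    rc=1
    # A here-document keeps the loop in the current shell, so $rc survives.
    while IFS= read -r rel; do
        p="$home/$rel"
        # -e is false for a dangling symlink, so test -L as well.
        if [ -e "$p" ] || [ -L "$p" ]; then
            printf 'FOUND %s\n' "$p"
            ls -ld -- "$p"
            rc=0
        fi
    done <<EOF
$EKOMS_PATHS
EOF
    return "$rc"
}

# ekoms_scan_all
# Runs the check for every home directory in the passwd database (falling
# back to /etc/passwd without getent). Returns 0 if any home has a hit.
ekoms_scan_all() {
    { getent passwd 2>/dev/null || cat /etc/passwd; } | cut -d: -f6 | sort -u | {
        hits=0
        while IFS= read -r h; do
            [ -d "$h" ] || continue
            if ekoms_check_home "$h"; then hits=$((hits + 1)); fi
        done
        printf '%s home directories contain indicator paths\n' "$hits"
        [ "$hits" -gt 0 ]
    }
}

# Run as root so every home directory is readable: sh this_file --scan
if [ "${1:-}" = "--scan" ]; then ekoms_scan_all; fi
```

The modification time that `ls -ld` reports for a hit gives a first estimate of when the file was created, which helps scope the review of outbound connections from that host.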