Linux Hit with Malware That Saves Activity Screenshots Every 30 Seconds

A new Linux malware has been discovered which aims to help criminals steal data and spy on the PCs of infected users.

The renowned IT security software developers Dr.Web from Russia have discovered a new malware targeting Linux users with the ability to embed itself with JPEG file format and send a screenshot of user’s activity on the machine after every half a minute (30 seconds).

Dr Web has labelled this malware as Linux.Ekoms.1 and further revealed that once the user is infected with the malware all the online activities are sent in a shape of JPEG image to its developers. In the event, if the images can’t be saved in JPEG, Linux.Ekoms.1 looks for other file extensions and goes for BMP file format.

Action perform by Linux.Ekoms.1 malware / Image Source: Dr.Web

The findings publicised by the researcher confirm that this is not an ordinary malware. It generates a filtering list for the “aa*.aat”, “dd*ddt”, “kk*kkt”, “ss*sst” files that are searched in the temporary location and uploads the files that match these criteria to the server.

The cyber criminals behind this malware can also launch DDoS attack by sending commands using command and control (C&C). The C&C is a kind of external server with which software (usually a malware) communicates with for further instructions.

Linux system is considered to be more secure as compared with other operating systems like Windows and Mac OS X. However, as time passes, the Linux OS is increasingly targeted by hackers. Last month, Rekoobe malware targeted Linux users with the ability to download files from its C&C server, uploading files to the C&C server and executing commands on the local shell.

Another Linux.Encoder.1 malware in November last year was caught targeting Linux users with ransomware scam by locking their systems and demanding Bitcoins in return of full access to the machine.

SourceDr Web


Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.