
#1 2018-02-05 09:56:17

tydynrain
Member
From: Lower Puna, Big Island Hawai'i
Registered: 2017-10-26
Posts: 115

CrossRAT Cross-Platform Malware

I just found this article on The Hacker News about a new cross-platform Java-based malware app that is capable of infecting Windows, MacOS, Solaris, Linux, and likely the BSDs, though they were not specifically mentioned. I hope this post has some use to the Arch community to help protect against it. 

Tydyn.

https://thehackernews.com/2018/01/cross … e.html?m=1


Registered Linux User: #623501 | Arch Linux Principles: Simplicity - Modernity - Pragmatism - User Centrality - Versatility => KISS
Arch Linux, the most exciting thing since Linus created Linux and married it with GNU/GPL.
Arch Linux for Life, Arch Linux Forever!


#2 2018-02-05 12:09:47

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,444

Re: CrossRAT Cross-Platform Malware

> CrossRAT is a cross-platform remote access Trojan that can target all four popular desktop operating systems, Windows, Solaris, Linux, and macOS...

It's hard to take an article seriously when it starts with 'facts' like these.

And this "infects" a computer when a user willingly downloads and runs a java executable "installer" from a website.  If you are downloading executables from random websites and running them, this malicious remote access tool is really the least of your problems.

This sounds about like some nasty psychopath lacing raw sewage with cyanide.  I don't think we need much warning about the breaking news that there could be dangerous new risks in drinking raw sewage.  (EDIT: I suppose there is a new recent hype about "raw water", but to me that's just inspiring evidence that natural selection may be able to put a cap on stupidity.)

Last edited by Trilby (2018-02-05 12:16:10)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#3 2018-02-05 14:57:42

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: CrossRAT Cross-Platform Malware

The article title: "Beware! Undetectable CrossRAT malware"

At the bottom of the article: "How to Check If You're Infected with CrossRAT?" ==> "Also look for an 'autostart' file in the ~/.config/autostart likely named mediamgrs.desktop."

Please, this is hardly even malware. Not unless a custom bash script running `xinput test` also counts as a terrifying malware.

Last edited by eschwartz (2018-02-05 15:04:57)


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

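The autostart check quoted in post #3, written out as a shell function. This is an added example, not part of the thread or the article; the function name `audit_autostart` is hypothetical, and the only indicator used is the `mediamgrs.desktop` filename quoted above. Because the article only says "likely named", every entry is printed with its `Exec` line for manual review rather than relying on the name alone.

```bash
#!/usr/bin/env bash
# Added example: audit XDG autostart entries for the current user.
# KNOWN_NAME is the single filename quoted in the thread; nothing else is assumed.
KNOWN_NAME="mediamgrs.desktop"

# audit_autostart [DIR]
# Prints one tab-separated line per *.desktop file: STATUS, FILE, EXEC
#   MATCH    - filename equals KNOWN_NAME
#   disabled - entry carries Hidden=true (the session will not start it)
#   review   - any other entry; check that you recognise its Exec line
# Returns 1 if KNOWN_NAME is present, 0 otherwise.
audit_autostart() {
    local dir="${1:-${XDG_CONFIG_HOME:-$HOME/.config}/autostart}"
    local found=0 f name exec_line status

    [ -d "$dir" ] || return 0            # no autostart directory, nothing to audit

    for f in "$dir"/*.desktop; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f")
        # First Exec key in the file; tolerate spaces around '='.
        exec_line=$(sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)

        status="review"
        if grep -q '^Hidden[[:space:]]*=[[:space:]]*true' "$f"; then
            status="disabled"
        fi
        if [ "$name" = "$KNOWN_NAME" ]; then
            status="MATCH"               # the name match overrides everything else
            found=1
        fi
        printf '%s\t%s\t%s\n' "$status" "$name" "${exec_line:-<no Exec line>}"
    done
    return "$found"
}
```

Call `audit_autostart` with no argument to inspect `~/.config/autostart`; a non-zero exit status means the quoted filename is present.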

#4 2018-02-05 15:52:20

tydynrain
Member
From: Lower Puna, Big Island Hawai'i
Registered: 2017-10-26
Posts: 115

Re: CrossRAT Cross-Platform Malware

Indeed. You are both correct. My apologies.



#5 2018-02-05 16:30:40

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,444

Re: CrossRAT Cross-Platform Malware

I don't think apologies are needed.  We're pretty direct around here, but I certainly didn't intend to sound like I was scolding you for posting this - I just wanted to ensure that any other readers' reactions were tempered by my skepticism about the importance (and veracity) of the article.

It seems fitting for a "GNU/Linux Discussion" subforum and it's reasonable to ask whether or to what degree a linux user should be concerned.  My answer, simply, is that there is really no need for concern assuming one has generally reasonable practices for managing software installation - and if this assumption is not met, this one particular threat is still not likely the main concern.

Last edited by Trilby (2018-02-05 16:34:10)



#6 2018-02-05 16:49:06

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: CrossRAT Cross-Platform Malware

Yeah, as Trilby said, it is the article I am laughing at, not you.



#7 2018-02-06 06:52:23

tydynrain
Member
From: Lower Puna, Big Island Hawai'i
Registered: 2017-10-26
Posts: 115

Re: CrossRAT Cross-Platform Malware

Trilby and Eschwartz,

thank you for your posts, and no worries. I honestly have a strong desire to contribute to Arch, as it is really the first project of this nature that I find so amazing, in so many different ways, that I want to get myself involved and help out as much as I'm able, which I'm doing more and more as I orient myself. Part of the challenge is that to Linux newbs I'm advanced, and to truly advanced users, I'm the newb, so I'm in the middle somewhere, learning as much as I can as quickly as I can.

That paragraph is likely off-topic just a tad...



#8 2018-02-06 14:05:37

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 4,092

Re: CrossRAT Cross-Platform Malware

You are contributing. :)

And we all have at least one Linux topic that we are newbs at. ;)

Thanks for the info about the malware. I have a bad habit of thinking of Linux as being invulnerable to everything, which means I'll click on anything. :(


#9 2018-09-25 09:52:41

maheshhegde
Member
Registered: 2018-09-25
Posts: 8

Re: CrossRAT Cross-Platform Malware

It may be true. But the **security circus** overrates things done by script kiddies.

