2021-11-24

CronRAT

Level: 
Tactical
  |  Source: 
Sansec
Ecommerce
Share:

CronRAT

Industry: eCommerce / All | Level: Tactical | Source: Sansec

Remote access trojan, CronRAT hides in the calendar system of a Linux server by scheduling itself on a non-existent day February 31st to evade detection. Security vendor, Sansec, identified the malware on multiple online stores with observed capabilities including fileless execution, timing modulation, anti-tampering checksums, controlled via binary, obfuscated protocol, launches tandem RAT in a separate Linux subsystem, control server disguised as "Dropbear SSH" service and payload hidden in legitimate CRON scheduled task names.

  • Anvilogic Use Case: Crontab Job Scheduling (Unix)

Chat with our team to receive a free maturity assessment

Get in Touch