ESET has discovered that a new type of Linux malware is targeting VoIP platforms and has published an analysis of the Linux malware CDRThief.
ESET researchers have discovered previously unknown Linux malware that targets Voice over IP (VoIP) soft switches. The malware was named by the analysts at the European IT security manufacturer CDRThief. The attacked Softswitches Linknat VOS2009 and VOS 3000 both come from a Chinese manufacturer. Softswitches are software that connect and control VoIP phone calls. At the same time, these programs can also be used to bill and manage calls. The new Linux malware is targeting sensitive information, including telecommunications data, in the compromised Linknat versions. The ESET researchers have published their full analysis on WeLiveSecurity.
“So far, it is unclear what the attackers are pursuing with CDRThief. Since the hackers are targeting confidential information, including call metadata, we suspect cyber espionage as the main purpose, ”explains ESET researcher Anton Tscherepanov. “Another possible target would be VoIP fraud. Since the attackers receive information via VoIP soft switches and gateways, they could misuse this data for financial fraud. "
How does CDRThief malware work?
In order to gain access to confidential information, the malicious program searches internal MySQL databases that are used by Softswitch. In this way, the attackers get an overview of the internal architecture of the target platform.
In order to hide the malicious functions from a static analysis, the developers of CDRThief have encrypted all suspicious looking strings, even the decryption password. Nevertheless, the malware is able to read and decrypt it. In this way, the attackers show that they have in-depth knowledge of the target platform. The smuggled out data is also coded and can only be decrypted by the attacker.
More on this at WeLiveSecurity on ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.