A new virus, called “CrossRAT”, is being used for spying and has drawn the attention of security researchers. The malware was discovered over the past week, and its main feature is that it is multiplatform. That is, the malware can attack computers running Linux, Windows, macOS, and even Solaris, an operating system developed by Oracle.
When CrossRAT infects a PC, it allows a malicious hacker to send remote commands to the computer and obtain confidential information from users. The malware is spread on the Internet through simple social engineering. Messages with a malicious URL that leads the user to install the malware have been shared in groups on Facebook and WhatsApp.
The virus is written in Java and, once on the machine, performs a full scan. It can identify the kernel, the most basic layer that connects the system to the hardware, and the architecture. The purpose is to install the program in the way specific to each system. CrossRAT is refined enough to probe a Linux system and identify its distribution (CentOS, Debian, Kali Linux, Fedora, etc.).
The trojan enables the hacker to send commands to the computer and thus to spy on the system. Remotely, the criminal can take screenshots, manipulate files and run programs. In addition, CrossRAT has a built-in keylogger, software that records what is typed on the computer. However, researchers who looked at the virus did not find a way to activate the latter tool.
Antivirus can identify the threat!
According to The Hacker News website, Windows and Linux computers are more likely to be infected. This is because the virus is developed in Java, so the user needs to have Java installed on the computer. Both operating systems already have a pre-installed version of Java, while on macOS it would be necessary to download the software.
The hmar6.jar file is the executable that installs CrossRAT. According to the VirusTotal site, 23 of the 58 most popular antivirus programs can already detect the malware.
How do I know if my machine is infected?
According to the TechTudo portal, you can find out whether the CrossRAT file is on your computer through a simple search:
How to find the infected file in Windows:
- Open Regedit (System Registry).
- Check the HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ registry key.
- If infected, there will be a command that includes java, -jar, and mediamgrs.jar.
How to find the infected file in Linux:
- Check if the mediamgrs.jar file exists in the Java folder in /usr/var.
- Also look for an “autostart” file called mediamgrs.desktop in ~/.config/autostart.
How to find the infected file on macOS:
- Open the Library folder in the Finder (“Go > Go to Folder > Library”).
- Check whether the malicious file mediamgrs.jar is in the Java folder, in ~/Library.
- Also search for mediamgrs.plist in the LaunchAgents folder, within ~/Library.
If you locate any of these files on your PC, notify your company’s IT staff so they can analyze the device and remove the threat.
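The manual checks above can be scripted for IT staff who need to run them on many machines. The following Python script is an added example, not code from the article or from the researchers it cites; it looks only for the file names, folders and registry key listed above. The function names, and the choice to look in each folder and its immediate subfolders, are assumptions.

```python
import sys
from pathlib import Path

JAR = "mediamgrs.jar"  # file name given in the article

def jar_hits(base):
    """Look for the jar in `base` and its immediate subfolders (assumption:
    the article's "Java folder" wording is loose, so both levels are checked)."""
    base = Path(base)
    return [p for pat in (JAR, "*/" + JAR) for p in base.glob(pat) if p.is_file()]

def run_value_suspicious(command):
    """True if a Run-key command contains all three markers from the article."""
    c = command.lower()
    return all(marker in c for marker in ("java", "-jar", JAR))

def read_hkcu_run():
    """Return {name: command} from the HKCU Run key (Windows only)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values

def check_host(platform, home, usr_var="/usr/var", run_values=None):
    """Return a list of findings for one platform ('win32', 'linux', 'darwin')."""
    home, found = Path(home), []
    if platform.startswith("win"):
        values = read_hkcu_run() if run_values is None else run_values
        found += [f"Run value {n}: {v}" for n, v in values.items()
                  if run_value_suspicious(v)]
    elif platform.startswith("linux"):
        found += [str(p) for p in jar_hits(usr_var)]
        desktop = home / ".config" / "autostart" / "mediamgrs.desktop"
        found += [str(desktop)] if desktop.is_file() else []
    elif platform == "darwin":
        found += [str(p) for p in jar_hits(home / "Library")]
        plist = home / "Library" / "LaunchAgents" / "mediamgrs.plist"
        found += [str(plist)] if plist.is_file() else []
    return found

if __name__ == "__main__":
    hits = check_host(sys.platform, Path.home())
    print("\n".join(hits) if hits else "No CrossRAT artifacts from the article found.")
```

An empty result only means these specific names were not found in these locations for the current user; it does not replace an antivirus scan.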
How to protect your company?
Having an antivirus can prevent the installation of this type of file, since the program will detect the malicious executable. However, it is still necessary to avoid opening unknown links! Be wary of any URLs sent by email, messaging applications or social networks, even in messages shared by trusted friends.