Cybercrime has worsened within digital ecosystems and, far from disappearing, these malicious practices adapt to change, seek new ways to attack, and hide better and better.
The Dutch technology company SanSec has discovered malicious code developed to hide on a non-existent date: February 31st.
It is a computer virus designed to steal information from the infected device, and it has infiltrated numerous online stores, taking advantage of times such as ‘Black Friday’ in order to steal users’ credit card data.
How this malware works
To begin with, this virus, CronRAT, gets its name from the combination of “RAT”, the acronym for Remote Administration Tool, which is the official name for Trojans, and “Cron”, for its ability to hide in the calendar subsystem of Linux servers by using a day that does not exist, such as February 31st.
Because it sits on a date that the system does not register, it does not attract the attention of server administrators; in addition, many cybersecurity products do not analyze these calendar subsystems.
Faced with this threat, Willem de Groot, the director of threat research at SanSec, the company that discovered and named this virus, explained that “most online stores have only implemented browser-based defenses, and criminals take advantage of the unprotected backend. Security professionals should consider the entire attack surface.”
The company announced that it has found this malware in one of the largest online stores in the Netherlands; however, it added that it has been found on other sites, such as the Chinese server of the shopping giant ‘Alibaba’. The company also announced that it has installed a specific client to intercept all kinds of commands that try to bring this virus to the systems. Additionally, SanSec claimed to have discovered another type of RAT that uses infiltration methods never seen before; however, it clarified that it will give more details as soon as more is known about this new threat.
Finally, this company dedicated to cybersecurity announced that for a few months this CronRAT will go unnoticed in critical infrastructures such as large servers; however, it invited the entire developer community to stay alert.