CrossRAT, a trojan undetectable that affects Windows, macOS and Linux

This time you're not safe if you use a computer Apple –macOS- or Linux. The malware we are dealing with affects Windows, Linux and macOS, so that your audience is really broad. The malware gets inside the known as trojans, and is designed to provide attackers with remote access to the manipulation of the file system of the computer of your victim, as well as take screenshots and many more. It's being distributed by social networks, as well as apps, instant messaging like WhatsApp.

In addition to being multiplatform, and, therefore, have a greater scope for their potential victims, they are using techniques viralization to infect the maximum devices possible. In messages broadcast from WhatsApp, and through the social network Facebook, is where you are distributing applications and software infected with this trojan is programmed with Java. It is precisely this programming language which has facilitated the research of the trojan CrossRAT. However, for the moment only two antivirus –of 58, according to VirusTotal-they are able to detect the threat.

CrossRAT: a new trojan that can infect anyone, to take control of your computer

CrossRAT has been designed with different persistence mechanisms, specific to each operating system, so that in every restart of the system the computer remains infected. And, of course, is to carry out the contact with the remote server for execution of commands remotely on the victim's computer. There is a way –for each operating system- to know if our computer is infected with this new trojan, or not. And as already mentioned before, VirusTotal is used to detect the threat scanning files that can be infected.

In Windows, the path ‘HKCU\Software\Microsoft\Windows\CurrentVersion\Run\’ of the registry of the system we will see a command java-jar or mediamgrs.jar on infected systems. On macOS we would find the file mediamgrs.jar in ~/Library in case of that the device is infected, or the file mediamgrs.plist in the directory/Library/LaunchAgents or ~/Library/LaunchAgents named mediamgrs.plist. And in last place, in Linux we can detect the threat by logging to /usr/var; if computer is infected, you will find a jar file(mediamgrs.jar).