New undetectable Keylogging CrossRAT targets Windows, Linux and Mac OS systems.

Another day, another malware: CrossRAT targets Linux, macOS and Windows devices without being detected by anti-virus software. It is said to be developed by the Dark Caracal group. Written in Java, this cross-platform malware can take screenshots, manipulate the entire file system, and run arbitrary DLLs for secondary infection on Windows.

According to the researchers, the developers of this Trojan are using WhatsApp messages and Facebook group messages to distribute it, redirecting users to malicious websites to download malicious programs.

CrossRAT, however, does not have any predefined command to activate the keylogger, but it uses the open-source Java library ‘jnativehook’ to monitor mouse and keyboard events.

CrossRAT, a very harmful piece of desktop surveillance malware, is designed with some basic surveillance features that are activated when it receives predefined instructions from the C&C server.

The Trojan then uses persistence mechanisms specific to the operating system so that it re-executes every time the infected system is rebooted. It also registers itself with the C&C server, giving remote attackers access.

As of yesterday, the malware is detected by most of the security software on VirusTotal, so its threat has dropped to a low level; however, the following checks can also help you identify whether your system is infected with CrossRAT:

Windows users:
Check the ‘HKCU\Software\Microsoft\Windows\CurrentVersion\Run’ registry key. If the system is infected by CrossRAT, it will include a command featuring java, -jar and mediamgrs.jar.

For Mac OS:

Search for the launch agent mediamgrs.plist in /Library/LaunchAgents or ~/Library/LaunchAgents.

(OR) Check for the jar file, mediamgrs.jar, in ~/Library.

For Linux:

Search for an ‘autostart file’, probably named mediamgrs.desktop, within ~/.config/autostart.

(OR) Check for the jar file, mediamgrs.jar, in /usr/var.
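
The checks above for all three platforms, combined into one script. This is an added example, not part of the original article or any vendor tool; the function names are illustrative, and the paths and Run-key markers are exactly those listed above.

```python
import os
import sys

# Indicator locations from the article, relative to the home directory or root.
HOME_PATHS = [
    "Library/LaunchAgents/mediamgrs.plist",   # macOS per-user launch agent
    "Library/mediamgrs.jar",                  # macOS jar
    ".config/autostart/mediamgrs.desktop",    # Linux autostart entry
]
ROOT_PATHS = [
    "Library/LaunchAgents/mediamgrs.plist",   # macOS system-wide launch agent
    "usr/var/mediamgrs.jar",                  # Linux jar
]
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def is_crossrat_run_value(command):
    """True if a Run-key command contains all three markers the article lists."""
    c = command.lower()
    return "java" in c and "-jar" in c and "mediamgrs.jar" in c


def find_file_artifacts(home, root="/"):
    """Return the indicator files that exist under the given home and root."""
    candidates = [os.path.join(home, p) for p in HOME_PATHS]
    candidates += [os.path.join(root, p) for p in ROOT_PATHS]
    return [p for p in candidates if os.path.lexists(p)]


def find_run_key_artifacts():
    """Return HKCU Run values matching the indicator (Windows only)."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, available on Windows only
    hits = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, value, _type = winreg.EnumValue(key, i)
            if is_crossrat_run_value(str(value)):
                hits.append(f"HKCU\\{RUN_KEY}\\{name} = {value}")
    return hits


if __name__ == "__main__":
    found = find_file_artifacts(os.path.expanduser("~")) + find_run_key_artifacts()
    print("\n".join(found) if found else "No CrossRAT indicators from the article found.")
```

Run it as each user whose home directory you want to check, since the per-user paths and HKCU are specific to the logged-in account.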
