
CDRThief

Posted: September 11, 2020

A new, previously unknown piece of malware has been identified on Linux systems used to operate Voice-over-IP (VoIP) switches. According to cybersecurity experts, the implant's primary purpose is to extract metadata about phone calls that have been routed through the infected switch. It is still too early to say who is behind the attack or how the malware was deployed to the targeted systems. The threat, dubbed CDRThief, is most likely being used for telephony fraud or espionage.

Cybersecurity experts are more inclined to believe that CDRThief is used for cyber espionage because of the very specific software it targets – it goes after the VOS2009 and VOS3000 VoIP systems, produced by a Chinese manufacturer. As mentioned earlier, the infection vector is not yet clear, but it is possible that the attackers have a zero-day exploit, or that they are relying on weak login credentials.

Once CDRThief is installed, it tries to extract stored credentials from the databases that VOS2009 and VOS3000 use. While CDRThief's functionality is relatively limited, experts believe that its author is well-versed in exploiting VoIP systems. Implants of this sort usually have extra functionality, such as collecting files or running remote commands, but CDRThief does not support such features.
