
Hackers use new Linux Malware to steal call data from VoIP Softswitch systems

Taiwan hacking

Cybersecurity researchers have found a new Linux malware, dubbed “CDRThief”, that targets voice over IP (VoIP) softswitches and steals phone call metadata. According to the researchers, the goal of the malware is to exfiltrate private call data from a compromised softswitch, including the call detail records of its customers. The findings were presented in an analysis published on Thursday by ESET researchers, who also noted that the attackers must have a very good understanding of the platform's internal architecture.

Softswitches are VoIP servers that let telecommunication networks manage voice, fax, data and video traffic and handle call routing. The researchers also found that CDRThief targets a specific Linux VoIP platform, VOS2009. Once deployed, the malware first locates the softswitch's configuration files, which it looks for in a list of predetermined directories, in order to obtain the MySQL database credentials. To make this work, the attackers had to reverse-engineer the platform binaries. The malware then exfiltrates details from the database.
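As an added defensive illustration (not code from ESET's analysis or from this article), the following Python script scans constructed lines in the style of the MySQL general query log for bulk reads of call-record and gateway tables, the kind of database access the article attributes to CDRThief; the account, database and table names are assumptions.

```python
import re

# Constructed sample lines in the style of the MySQL general query log; not a real
# capture from a softswitch. Account, database and table names are assumptions.
SAMPLE_LOG = """\
2020-09-10T09:12:01.100000Z\t   12 Connect\tvosapp@localhost on vosdb using Socket
2020-09-10T09:12:01.200000Z\t   12 Query\tSELECT caller, callee, duration FROM cdr_records WHERE call_id = 88127
2020-09-10T09:15:44.300000Z\t   57 Connect\tvosapp@localhost on vosdb using Socket
2020-09-10T09:15:44.400000Z\t   57 Query\tSELECT * FROM cdr_records WHERE start_time >= '2020-09-01'
2020-09-10T09:15:45.000000Z\t   57 Query\tSELECT * FROM gateway_config
2020-09-10T09:15:46.000000Z\t   57 Quit\t
"""

# Tables holding call metadata and gateway details (assumed names for this example).
SENSITIVE_TABLES = {"cdr_records", "gateway_config"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<id>\d+)\s+(?P<cmd>\w+)\t(?P<arg>.*)$")
FROM_RE = re.compile(r"\bFROM\s+`?(\w+)`?", re.IGNORECASE)
# An equality predicate (but not <=, >=, !=) suggests a per-call lookup, as the
# softswitch application itself would issue; its absence suggests a bulk dump.
POINT_LOOKUP_RE = re.compile(r"\bWHERE\b.*(?<![<>!])=", re.IGNORECASE)


def find_bulk_cdr_reads(log_text):
    """Return (connection id, account, table, sql) for every SELECT that reads a
    sensitive table without a per-record equality predicate."""
    accounts = {}  # connection id -> user@host taken from the Connect line
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        conn, cmd, arg = m["id"], m["cmd"], m["arg"]
        if cmd == "Connect":
            accounts[conn] = arg.split(" on ")[0]
        elif cmd == "Query" and arg.lstrip().upper().startswith("SELECT"):
            for table in FROM_RE.findall(arg):
                if table in SENSITIVE_TABLES and not POINT_LOOKUP_RE.search(arg):
                    findings.append((conn, accounts.get(conn, "?"), table, arg))
    return findings


if __name__ == "__main__":
    for conn, acct, table, sql in find_bulk_cdr_reads(SAMPLE_LOG):
        print(f"connection {conn} ({acct}) bulk-read {table}: {sql}")
```

Because the malware logs in with the application's own stolen credentials, the account looks legitimate and only the query shape distinguishes a dump, so the table list and predicate heuristic must be tuned to the platform's real schema.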

The researchers also stated that, in its current form, the malware only gathers data from the database, but warned that the attackers could add features to steal further data or release an updated version of the malware. The motive behind the attack is still unclear, and the researchers could not determine how the malware is deployed onto compromised devices. They concluded that the malware is used for cyberespionage or VoIP fraud: because the attackers obtain information about the VoIP softswitches and their gateways, they could use it to perform International Revenue Share Fraud (IRSF).