There are many types of malware that exist on the network. There are many varieties of threats and attacks that can compromise our security and the proper functioning of the devices. The good news is that security tools are constantly improving to avoid these attacks. However, hackers also improve their techniques to avoid detection. Today we echo Dacls , a new Trojan that affects both Windows and Linux users and is also difficult to detect today.
Dacls, the new threat for Windows and Linux
One of the types of threats that are present on the network are remote access Trojans. They can affect mobile devices and also desktop computers. There are very varied and sometimes they can be complex to be detected. That’s what happens with Dacls, a new threat that affects Windows and Linux .
Dacls is a remote access Trojan that belongs to the Lazarus group . According to computer security researchers who have detected it, only two antivirus engines have detected it. This means that we are facing a threat that, at least today, is difficult to detect.
The Lazarus group has been present in many other similar attacks before. In this case they have created a complex Trojan remote access that has the functionality to attack both Windows and Linux systems. Security researchers have named it Win32.Dacls and LinuxDacls .
In the case of the Win32.Dacls add-in, it is dynamically loaded through a remote URL. By Linux.Dacls uses 6 different plug-in modules that include executing commands, file management, process management, access to the test network, C2 connection agent, network scanning.
This multiplatform Dacls Trojan and its C2 protocol use TLS and RC4 double layer encryption, the configuration file uses AES encryption and supports the dynamic update of the C2 instruction.
On the part of security researchers indicate that this Trojan is based on existing vulnerabilities such as CVE-2019-3396. Once again we are facing a case in which we are shown the importance of always keeping the equipment updated, as well as the different applications and services we use.
How to prevent the entry of threats
We have seen that in the case of this Trojan it may not be detected by many antivirus. However, a first barrier that we must always keep in mind is the use of security tools . These programs must be updated correctly.
In addition, many threats of this type are based on existing vulnerabilities. The attackers take advantage of security flaws that can put the systems at risk. It is vital therefore to have updated equipment with the latest versions. This must be applied regardless of the operating system we are using, as well as any program we use.
But without doubt the most important thing is common sense . You have to be very careful when surfing the web, downloading programs or accessing links. You must always enter official platforms and not compromise our data.