• dragnucs
    link
    fedilink
    arrow-up
    5
    ·
    3 years ago

    They say that since the taskcis scheduled for February 31st it never gets executed. But how does it get executed?

    • CHEF-KOCHOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      3 years ago

      I am also not entirely sure but it gets remotely executed.

      From https://sansec.io/research/cronrat

      Not all parts are disclosed to testing, this is not possible with the given code.

      If you block the remote IP that should already enough to prevent it from starting even if you are infected. I try to contact Bleeping asking them to fill all gaps and release a range of all IPs.

    • Thann
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      Yeah, that article is really sparse on details