Malware known as CDRThief has been targeting voice over IP (VoIP) soft switches inside telecom carriers’ networks in a data-stealing campaign that uses Linux-targeted code. The code has the capability to steal phone call metadata, according to researchers at ESET. The malware was allegedly custom-developed to target the Linknat VOS2009 and VOS3000 soft switches, which typically run on standard Linux servers.
By leveraging the vulnerability, attackers could retrieve private data such as call detail records, call times, duration, source number, and destination location. ESET has stated it believes that the malware’s chief function is to collect data from the soft switches. Unlike other common backdoors, this variant does not have shell command execution support and is likely unable to exfiltrate targeted files from the compromised disk.
Read More: CDRThief Malware Targets VoIP Gear in Carrier Networks