The Linux trojan that spied on users by taking screenshots of their desktop now has a Windows variant, as Kaspersky's security team has found out.
The trojan, first discovered by Dr.Web and named Linux.Ekocms, and later also identified by Sophos as Linux/Mokes-A, and then by Kaspersky as Backdoor.Linux.Mokes.a, has caused some stir in the Linux community because it was one of the first spyware threats detected in the wild on the platform.
However, things weren't as bad as initially thought. Mokes (we'll use this name to describe the trojan) only had the screenshooting ability enabled in the version that Dr.Web discovered.
The keylogger and the audio recording features were dormant, and
Kaspersky's analysis released today confirms this.
The bad part is that the Kaspersky researchers also discovered a Windows variant of this trojan, which did have the keylogger component enabled.
