Analysis of the malware revealed that it was specifically created for a particular Linux VoIP platform, namely Linknat VOS2009/3000 softswitches. A softswitch is a software solution
acting as a VoIP server that manages traffic (audio/video/text) in a telecommunication network. It is a central element that ensures a connection between both internal and external lines. CDRThief’s purpose is to compromise VOS2009/3000 softswitches and steal
call metadata from internal MySQL databases, such as IP addresses of the callers, phone numbers, start time and duration of the call, its route, and type.
Learn more >