A Linux malware variant dubbed “CDRThief” targets VoIP softswitches that run on Linux-based servers. The malware exfiltrates VoIP data by accessing the internal data stored in the network's database. It reads credentials from the Linknat VOS2009 and VOS3000 configuration files and then queries the database used by the network to access metadata such as IP addresses and call duration. It's unclear how the malware initially infects these VoIP systems, but it might be possible for the attackers to use a brute-force attack or exploit vulnerabilities in the platforms developed by Linknat.
Source: https://www.cuinfosecurity.com/linux-malware-targets-voip-networks-to-steal-metadata-a-14983