Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. CronRAT is employed in Magecart attacks against online stores web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers. While investigating CronRAT infections in North America and Europe the researchers spotted a new malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Like CronRAT, also NginRAT works as a "server-side Magecart," it injects itself into an Nginx process. Experts pointed out that a rogue Nginx process could not be distinguished from the original. To do that, NginRAT modifies core functionality of the Linux host system.