Cybersecurity researchers have discovered a new Linux malware downloader that targets poorly protected Linux servers and drops cryptocurrency miners and DDoS IRC bots on them.
ASEC researchers uncovered the campaign after the Shell Script Compiler (SHC) binary used to build the downloader was uploaded to VirusTotal. The sample was apparently uploaded by Korean users, and Korean users also appear to be the target.
Further analysis showed that the threat actors go after poorly defended Linux servers, brute-forcing their way into administrator accounts over SSH.
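The SSH brute force described above leaves a very recognisable trail in sshd's authentication log: a burst of "Failed password" lines from one source address, sometimes followed by an "Accepted" line for the same address, which is the signature of a successful guess. The detector below is an added example written for this page; it is not code from ASEC's report or from the article. It runs over a handful of constructed auth.log lines (not real samples) and flags any source IP with at least five failures inside a ten-minute window, noting whether that source later logged in successfully. The threshold, window and log year (classic syslog timestamps carry no year) are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines for the example (not from the ASEC report).
# 203.0.113.7 hammers root/admin and finally gets in; 198.51.100.9 is a normal user.
SAMPLE_AUTH_LOG = """\
Jan  5 10:12:01 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51012 ssh2
Jan  5 10:12:03 web01 sshd[2313]: Failed password for root from 203.0.113.7 port 51018 ssh2
Jan  5 10:12:04 web01 sshd[2315]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan  5 10:12:06 web01 sshd[2317]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan  5 10:12:08 web01 sshd[2319]: Failed password for root from 203.0.113.7 port 51034 ssh2
Jan  5 10:12:10 web01 sshd[2321]: Failed password for root from 203.0.113.7 port 51040 ssh2
Jan  5 10:12:15 web01 sshd[2323]: Accepted password for root from 203.0.113.7 port 51044 ssh2
Jan  5 10:13:00 web01 sshd[2330]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Jan  5 10:20:00 web01 sshd[2340]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

# Matches the OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n> ssh2" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_line(line, year=2023):
    """Parse one sshd auth line into a dict, or return None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None  # other sshd noise ("Connection closed", "Disconnected", ...) is ignored
    # Syslog timestamps have no year; the caller supplies one (assumed 2023 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10), year=2023):
    """Return {source_ip: finding} for every source with >= threshold failed logins
    inside `window`, and record whether that source subsequently logged in successfully."""
    events = [e for e in (parse_line(l, year) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        failures = [e for e in evs if e["result"] == "Failed"]

        # Sliding window over the failures: find the first window holding >= threshold of them.
        hit = None
        for i, start in enumerate(failures):
            j = i
            while j < len(failures) and failures[j]["time"] - start["time"] <= window:
                j += 1
            if j - i >= threshold:
                hit = (failures[j - 1]["time"], j - i)
                break
        if hit is None:
            continue
        last_failure, count = hit

        # An Accepted login from the same source after the burst means the guessing worked.
        successes = [e for e in evs if e["result"] == "Accepted" and e["time"] >= last_failure]
        findings[ip] = {
            "failed_attempts": count,
            "users_tried": sorted({e["user"] for e in failures}),
            "compromised": bool(successes),
            "success_user": successes[0]["user"] if successes else None,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        status = "COMPROMISED" if f["compromised"] else "attempted"
        print(f"{ip}: {f['failed_attempts']} failures, users {f['users_tried']}, {status}")
```

On the constructed sample the script reports 203.0.113.7 with six failures against root and admin followed by a successful root password login, and says nothing about 198.51.100.9, whose single typo-style failure is below the threshold. In practice the same logic is fed from /var/log/auth.log or `journalctl -u ssh`, and a "compromised" hit is the trigger to look for the downloader, a running XMRig process and unexpected outbound IRC connections.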
Mining Monero
Once inside, the attackers install either a cryptocurrency miner or a DDoS IRC bot. The miner is XMRig, probably the most popular cryptocurrency miner among hackers. It uses the victim's computing power to generate Monero, a privacy-focused cryptocurrency whose transactions are designed to be untraceable and whose users are said to be unidentifiable.
The DDoS IRC bot lets the threat actors issue commands such as TCP flood, UDP flood or HTTP flood. It can also run port scans and Nmap scans, kill various processes, clean the logs and much more.
“For this reason, administrators should use hard-to-guess passwords for their accounts and change them regularly to protect the Linux server from brute force attacks and dictionary attacks, and update to the latest patch to prevent vulnerability attacks,” ASEC said in its report.
“Administrators should also use security programs such as firewalls for externally accessible servers to limit attackers’ access.”
Linux systems are constantly bombarded with malicious deployments, including ransomware and cryptojacking.
A February 2022 VMware report stated that the continued growth of Linux in digital infrastructure and cloud environments, combined with the fact that most anti-malware and cybersecurity solutions focus on protecting Windows-based devices, is putting Linux on thin ice.
Via: BleepingComputer