This new Linux malware floods machines with cryptominers and DDoS bots

Security researchers have detected a new Linux malware downloader that targets poorly protected Linux servers with cryptocurrency miners and IRC DDoS bots.

ASEC researchers discovered the attack after the Shell Script Compiler (SHC) used to create the downloader was uploaded to VirusTotal. Supposedly, Korean users are downloading the SHC, and Korean users are also being targeted.

A subsequent analysis showed that the threat actors take advantage of poorly protected Linux servers by brute-forcing administrator accounts over SSH.
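Brute-force SSH logins of the kind described above leave a recognisable trail in the server's authentication log. The following added example (not from ASEC or the original article) parses constructed sshd lines in the syslog-style /var/log/auth.log format, flags source addresses that exceed a failed-login threshold, and flags any successful login from an address that had already been failing, which is the pattern a compromised administrator account would show:

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH writes to /var/log/auth.log.
# 203.0.113.7 fails repeatedly and then succeeds; 198.51.100.4 is a normal
# key-based login followed by one unrelated failure.
SAMPLE_AUTH_LOG = """\
Jan 10 03:12:01 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 10 03:12:03 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jan 10 03:12:04 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jan 10 03:12:06 web1 sshd[2216]: Failed password for root from 203.0.113.7 port 51049 ssh2
Jan 10 03:12:07 web1 sshd[2218]: Failed password for root from 203.0.113.7 port 51055 ssh2
Jan 10 03:12:09 web1 sshd[2220]: Accepted password for root from 203.0.113.7 port 51061 ssh2
Jan 10 03:15:41 web1 sshd[2300]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
Jan 10 03:16:02 web1 sshd[2302]: Failed password for deploy from 198.51.100.4 port 40012 ssh2
"""

# "invalid user" appears when the attacker guesses a non-existent account name.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")


def analyse_auth_log(text, threshold=5):
    """Return (brute_force_sources, suspicious_logins).

    brute_force_sources: {ip: failed_count} for every IP at or above threshold.
    suspicious_logins: [(ip, user, method)] for each successful login from an
    IP that had already failed at least once earlier in the log.
    """
    failures = defaultdict(int)
    suspicious = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            if failures.get(ip, 0) > 0:  # success after prior failures from this IP
                suspicious.append((ip, user, method))
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    return flagged, suspicious


if __name__ == "__main__":
    flagged, suspicious = analyse_auth_log(SAMPLE_AUTH_LOG)
    print("brute-force sources:", flagged)      # {'203.0.113.7': 5}
    print("suspicious logins:", suspicious)     # [('203.0.113.7', 'root', 'password')]
```

The deploy account's single failure comes after its successful key login, so it is correctly not reported; on systems that log through journald, feed the script the output of `journalctl -u ssh` instead of the file.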

Mining Monero

Once inside, they install a cryptocurrency miner or an IRC DDoS bot. The deployed miner is XMRig, probably the most popular cryptocurrency miner among hackers. It uses the computing power of the victim's endpoints to mine Monero, a privacy-focused cryptocurrency whose transactions are supposedly untraceable and whose users are said to be unidentifiable.

The threat actors can use the IRC DDoS bot to execute commands such as TCP flood, UDP flood, or HTTP flood. It can also run port scans and Nmap scans, kill multiple processes, clean up registries, and so on.

"For this reason, administrators should use passwords that are hard to guess for their accounts and change them periodically to protect Linux servers from brute-force attacks and dictionary attacks, and update to the latest patch to prevent vulnerability attacks," ASEC said in its report.

"Administrators should also use security programs such as externally reachable server firewalls to limit access by attackers."

Linux systems are continually bombarded with malware deployments, most commonly ransomware and cryptojacking.

A VMware report from February noted that the growing adoption of Linux in the digital infrastructure and cloud industries, together with the fact that most anti-malware and cybersecurity solutions focus on protecting Windows devices, leaves Linux in a vulnerable position.

Via: BleepingComputer