Cybersecurity researchers have discovered a new Linux malware downloader that targets poorly defended Linux servers and installs cryptocurrency miners and DDoS IRC bots on them.
Researchers at ASEC discovered the attack after a downloader compiled with the Shell Script Compiler (SHC) was uploaded to VirusTotal. SHC wraps a shell script in a compiled binary that decrypts and executes the script at run time, which keeps the script itself out of plain sight. The uploader appears to be a Korean user, and the target is also Korean.
Further analysis revealed that the threat actors were breaking into weakly defended Linux servers by brute-forcing the credentials of administrator accounts over SSH.
Mining Monero
Once in, they install cryptocurrency miners or DDoS IRC bots. The miner deployed is XMRig, arguably the most popular cryptocurrency miner among attackers. It uses the processing power of the victim machine to mine Monero, a privacy-oriented cryptocurrency whose transactions are designed to be hard to trace and whose users are difficult to identify.
In the case of the DDoS IRC bot, the threat actors can issue commands to it such as TCP flood, UDP flood, or HTTP flood. It can also run port scans and Nmap scans, kill processes, clear logs, and more.
“Because of this, administrators should use hard-to-guess passwords for their accounts and change them regularly to protect Linux servers from brute-force and dictionary attacks, and update to the latest patches to prevent exploits,” ASEC said in its report.
“Administrators should also use security programs, such as firewalls, for servers accessed from the outside to limit attackers’ access.”
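What a defender would want to check after reading this advice, as an added example that is not from ASEC's report or the article: the detection logic below parses OpenSSH auth log lines, flags any source host whose failed logins reach a threshold inside a time window, and escalates the finding when a password login from that host then succeeds (the pattern of the SSH brute-forcing described above). A second function audits an sshd_config excerpt against an assumed hardening baseline (root login and password authentication both disabled), which removes what a dictionary attack has to guess. The log lines, the config excerpt, the threshold and window values, and the baseline are all constructed assumptions, not data from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log excerpt (not from the ASEC report or the article):
# a dictionary attack on the root account from one host that ends in a
# successful password login, plus an unrelated key-based login.
SAMPLE_LOG = """\
Jan 10 03:14:01 srv1 sshd[2210]: Failed password for root from 203.0.113.7 port 51422 ssh2
Jan 10 03:14:03 srv1 sshd[2212]: Failed password for root from 203.0.113.7 port 51430 ssh2
Jan 10 03:14:04 srv1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 51436 ssh2
Jan 10 03:14:06 srv1 sshd[2216]: Failed password for root from 203.0.113.7 port 51440 ssh2
Jan 10 03:14:08 srv1 sshd[2218]: Failed password for root from 203.0.113.7 port 51444 ssh2
Jan 10 03:14:09 srv1 sshd[2220]: Accepted password for root from 203.0.113.7 port 51450 ssh2
Jan 10 03:20:00 srv1 sshd[2300]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(text):
    """Yield (timestamp, ip, user, result, method) per sshd auth line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps carry no year; 1900 is fine for relative windows
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], m["result"], m["method"]


def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Return {ip: finding}. A host whose failures reach `threshold` within
    `window_seconds` is 'brute_force'; if a password login from that host then
    succeeds, the finding becomes 'compromised:<user>'."""
    findings = {}
    recent_failures = defaultdict(deque)
    for ts, ip, user, result, method in parse_events(text):
        if result == "Failed":
            q = recent_failures[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:  # expire old failures
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(ip, "brute_force")
        elif method == "password" and ip in findings:
            findings[ip] = f"compromised:{user}"
    return findings


# Constructed sshd_config excerpt showing the weak settings this attack relies on:
# root may log in with a password, and password authentication is left at its default.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""

# Hardening baseline assumed here (not prescribed by the article): no root login
# over SSH at all and no password authentication. Defaults are those documented
# in sshd_config(5).
SSHD_DEFAULTS = {"PermitRootLogin": "prohibit-password", "PasswordAuthentication": "yes"}
SSHD_WANTED = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}


def audit_sshd_config(text):
    """Return the directives whose effective value differs from the baseline.
    Only top-level directives are read; Match blocks are not interpreted."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())  # sshd uses the first occurrence
    return [d for d, wanted in SSHD_WANTED.items()
            if seen.get(d.lower(), SSHD_DEFAULTS[d]) != wanted]


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))       # {'203.0.113.7': 'compromised:root'}
    print(audit_sshd_config(SAMPLE_SSHD_CONFIG))  # ['PermitRootLogin', 'PasswordAuthentication']
```

The audit deliberately treats the OpenSSH default `PermitRootLogin prohibit-password` as not good enough, since the baseline wants root SSH logins off entirely; relax `SSHD_WANTED` if key-based root logins are acceptable in your environment. The log parser only understands the classic syslog line format and ignores the `Match` blocks and `Include` directives an actual sshd_config may carry, so treat both as a starting point rather than a complete control.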
Linux systems are constantly bombarded with malicious deployments, most commonly ransomware and cryptojacking.
A February 2022 VMware report stated that the continued success of Linux in digital infrastructure and the cloud, combined with the fact that most anti-malware and network security solutions focus on protecting Windows-based devices, leaves Linux environments in a precarious position.
Via: BleepingComputer