This new Linux malware floods machines with cryptominers and DDoS bots


Cybersecurity researchers have discovered a new Linux malware downloader that targets poorly defended Linux servers with cryptocurrency miners and DDoS IRC bots.

ASEC researchers discovered the attack after the Shell Script Compiler (SHC) used to create the downloader was uploaded to VirusTotal. Apparently it was Korean users who uploaded the SHC, and it’s also Korean users who are being targeted.

Further analysis has shown that the threat actors go after poorly defended Linux servers and brute-force their way into administrative accounts via SSH.

Mining Monero

Once they find their way in, they install a cryptocurrency miner or a DDoS IRC bot. The miner deployed is XMRig, perhaps the most popular cryptocurrency miner among hackers. It uses the computing power of a victim’s endpoints to generate Monero, a privacy-focused cryptocurrency whose transactions are seemingly impossible to track and whose users are allegedly impossible to identify.

For the DDoS IRC bot, the threat actors can use it to execute commands like TCP Flood, UDP Flood or HTTP Flood. They can perform port scans, perform Nmap scans, kill various processes, clean the logs and more.

Therefore, administrators should use passwords that are hard to guess for their accounts and change them periodically to protect the Linux server from brute force attacks and dictionary attacks, and update to the latest patch to prevent vulnerability attacks.

“Admins should also use security tools, such as firewalls for servers that can be accessed from the outside, to limit access by attackers.”
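As a detection-side complement to the advice above, the following added example (not from ASEC or the original article) scans OpenSSH auth-log lines for the pattern the article describes: a password login that succeeds right after a burst of failures from the same address. The log lines are constructed, and the threshold, window, year and function name are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; hosts, users and IPs (RFC 5737) are made up.
SAMPLE_LOG = """\
Jan  4 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan  4 03:12:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan  4 03:12:05 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Jan  4 03:12:08 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 40040 ssh2
Jan  4 03:12:11 web1 sshd[2110]: Failed password for root from 203.0.113.7 port 40052 ssh2
Jan  4 03:12:14 web1 sshd[2113]: Accepted password for root from 203.0.113.7 port 40060 ssh2
Jan  4 09:30:00 web1 sshd[3001]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan  4 09:30:09 web1 sshd[3001]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Jan  4 10:00:00 web1 sshd[3300]: Accepted publickey for deploy from 192.0.2.15 port 52000 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_compromises(log_text, threshold=5, window=timedelta(minutes=10), year=2023):
    """Return (ip, user, failures) for each password login accepted after
    at least `threshold` failures from the same source inside `window`."""
    failures = defaultdict(list)   # ip -> timestamps of failed attempts
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumed value)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if m["method"] == "password" and len(recent) >= threshold:
            hits.append((ip, m["user"], len(recent)))
        failures[ip].clear()       # a success resets the counter for that source
    return hits

if __name__ == "__main__":
    for ip, user, n in find_compromises(SAMPLE_LOG):
        print(f"ALERT {ip} logged in as {user} after {n} failed attempts")
```

A hit means the guessed password worked, so the host should be checked for unexpected miner or IRC bot processes rather than only having the source address blocked.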

Linux systems are constantly bombarded with malware, mostly ransomware and cryptojacking.

A February 2022 VMware report said that the continued success of Linux services in the digital infrastructure and cloud industries, as well as the fact that most antimalware and cybersecurity solutions are focused on protecting Windows-based devices, has put Linux on thin ice.

Via: BleepingComputer
