Researchers in the field of cyber security have discovered a brand new Linux malware downloader that spreads bitcoin miners and Distributed Denial of Service (DDoS) IRC bots to unprotected Linux hosts.
After the downloader’s source code in Shell Script Compiler (SHC) format was published to VirusTotal, researchers from ASEC uncovered the attack. It appears that Korean users uploaded the SHC and are also the targets of the attack.
A further look has revealed that the threat actors are specifically targeting Linux systems with inadequate security in order to brute-force their way into administrator accounts through SSH.
Producing Monero Through Mining
After gaining access, the intruder will likely set up a bitcoin miner or a denial-of-service (DDoS) IRC bot. XMRig, widely considered the most popular bitcoin miner among hackers, is the miner being used. It exploits the victim’s computational resources (opens in new tab) to produce Monero, a cryptocurrency designed to protect its users’ anonymity by making it difficult to trace their transactions or identify who they are.
The DDoS IRC bot may be used by threat actors to carry out operations like TCP Flood, UDP Flood, and HTTP Flood. They have the ability to scan ports using Nmap, terminate processes, clear the logs, and more.
According to ASEC’s research, “because of this, administrators should use strong passwords for their accounts and change them frequently to protect the Linux server from brute force assaults and dictionary attacks, and upgrade to the latest patch to prevent vulnerability attacks.”
“Administrators should also employ security technologies like firewalls to block access by attackers on systems that are accessible from the outside,” says the article.
Ransomware and cryptojacking are two of the most common forms of malicious deployment targeting Linux computers.
Despite Linux’s popularity in the digital infrastructure and cloud industries, a VMware analysis from February 2022 warned that the operating system was vulnerable since most anti-malware and cybersecurity solutions were designed to safeguard Windows-based systems.