Security experts have discovered a new Linux malware downloader that uses cryptocurrency miners and DDoS IRC bots to attack Linux servers with weak security. After the downloader’s shell script compiler (SHC) was uploaded to VirusTotal, researchers from ASEC found the attack. It appears that Korean users were the ones who uploaded the SHC, and Korean users are also the targets.
Additional research has revealed that threat actors target Linux servers with weak security by brute-forcing their way into administrator accounts over SSH. Once inside, they’ll either set up a DDoS IRC bot or a cryptocurrency miner. XMRig, arguably the most well-liked cryptocurrency miner among hackers, is the miner that is being used.
It generates Monero, a privacy-focused cryptocurrency whose transactions appear to be impossible to track and whose users are allegedly impossible to identify, using the computing power of a victim’s endpoints.
Threat actors can use the DDoS IRC bot to execute commands like TCP Flood, UDP Flood, or HTTP Flood. They can execute port scans, Nmap scans, terminate various processes, clear the logs, and other operations. Malicious deployments are continuously thrown at Linux systems, most frequently ransomware and cryptojacking.
“Because of this,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: