Threat actors have sought to compromise Linux systems with the CoinMiner cryptocurrency mining malware through three novel malicious Python Package Index repository packages, which have been cumulatively downloaded 431 times before being removed from the PyPI repository, reports The Hacker News.
While similar to the culturestreak package used for cryptominer deployment in a previous campaign in terms of the hosting locations for their respective configuration files and coin mining executables, all of the new packages namely catdash, driftme, and modularseven had their illicit functionality hidden within the shell script to better bypass detection, with malicious commands injected into the ~/.bashrc file, according to a report from Fortinet FortiGuard Labs.
"This addition ensures the malware's persistence and reactivation on the user's device, effectively extending the duration of its covert operation. This strategy aids in the prolonged, stealthy exploitation of the user's device for the attacker's benefit," said researcher Gabby Xiong.
