Malware, Breach

Security researchers report Linux malware with cryptocurrency miner payload

South Korean cybersecurity firm AhnLab Security Emergency Response Center said it has observed new Linux malware in the wild that deploys a cryptocurrency miner on infiltrated systems using a shell script compiler (shc) downloader, reports The Hacker News. According to the report, a successful breach is followed by execution of the shc downloader malware, which fetches the XMRig cryptocurrency miner software and a Perl-based DDoS IRC Bot that allows the attacker to connect through a remote server and mount distributed denial-of-service attacks. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. This bot supports not only DDoS attacks such as TCP flood, UDP flood, and HTTP flood, but various other features including command execution, reverse shell, port scanning, and log deletion," researchers said. Because the shc downloader artifacts were all uploaded from South Korea, it's likely that the threat actors are primarily targeting poorly secured Linux SSH servers in that country.
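The entry point the researchers describe is a password login that succeeds after a run of failed guesses, which defenders can look for in the SSH auth log. The check below is an added example, not code from AhnLab or the original report; it assumes OpenSSH messages in syslog format, and the function name, the threshold of 5 and the sample log are hypothetical.

```python
import re
from collections import defaultdict

# OpenSSH password-auth results, including rsyslog's "message repeated N times" form.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"(?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(lines, min_failures=5):
    """Return (ip, user, failures) for each accepted password login that
    follows at least min_failures failed passwords from the same source IP."""
    failures = defaultdict(int)
    hits = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # key-based logins and unrelated messages are ignored
        ip = m["ip"]
        if m["result"] == "Failed":
            # A collapsed "repeated N times" line counts as N failures.
            failures[ip] += int(m["n"] or 1)
        else:
            if failures[ip] >= min_failures:
                hits.append((ip, m["user"], failures[ip]))
            failures.pop(ip, None)  # a success starts a new count for this IP
    return hits

# Constructed sample log (documentation IP ranges, hypothetical host and users).
SAMPLE_LOG = """\
Jan  4 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  4 03:12:03 web1 sshd[2101]: message repeated 3 times: [ Failed password for root from 203.0.113.7 port 51234 ssh2]
Jan  4 03:12:05 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan  4 03:12:06 web1 sshd[2190]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Jan  4 03:12:07 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Jan  4 03:12:09 web1 sshd[2190]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Jan  4 03:12:11 web1 sshd[2106]: Accepted password for root from 203.0.113.7 port 51250 ssh2
Jan  4 03:15:00 web1 sshd[2200]: Accepted publickey for deploy from 192.0.2.15 port 50000 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, user, n in find_guessed_logins(SAMPLE_LOG):
        print(f"{ip}: password login as {user} after {n} failures")
```

The count is not bounded by a time window, so on long-lived logs a slow trickle of failures can accumulate; treat a hit as a lead to review alongside new processes and outbound connections on that host.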
