Trojanized OpenSSH used in Linux, IoT device compromise

BleepingComputer reports that internet-facing Linux and Internet of Things devices have been targeted by brute-force attacks involving the distribution of a trojanized OpenSSH package to facilitate compromise and SSH credential exfiltration. Distributed alongside the trojanized OpenSSH binary is a backdoor shell script, which facilitates the deployment of patches that obtain device passwords and SSH connection keys leading to the installation of the Reptile and Diamorphine open-source LKM rootkits, as well as the removal of other miners, a Microsoft report showed. Attacks were also found to deliver the open-source IRC bot ZiggyStarTux. "The modified version of OpenSSH mimics the appearance and behavior of a legitimate OpenSSH server and may thus pose a greater challenge for detection than other malicious files. The patched OpenSSH could also enable the threat actors to access and compromise additional devices. This type of attack demonstrates the techniques and persistence of adversaries who seek to infiltrate and control exposed devices," said Microsoft.