Attacks with the new Mirai-based botnet dubbed "NoaBot" have been targeted at Linux-based Internet of Things devices to enable the deployment of an updated variant of the XMRig cryptocurrency mining malware since January 2023, according to Ars Technica.
Vulnerable passwords linking SSH connections have been aimed at by the intrusions, which came from 849 different domains, to spread XMRig, a report from Akamai revealed. However, NoaBot has been developed to enable the decryption of configuration settings containing attacker-controlled cryptocurrency wallets only upon the loading of the cryptocurrency miner into memory to evade detection.
"On the surface, NoaBot isn't a very sophisticated campaignit's 'just' a Mirai variant and an XMRig cryptominer, and they're a dime a dozen nowadays. However, the obfuscations added to the malware and the additions to the original source code paint a vastly different picture of the threat actors' capabilities," wrote Akamai Senior Security Researcher Stiv Kupchik.
