Malware, Endpoint/Device Security

Trojanized OpenSSH used in Linux, IoT device compromise

BleepingComputer reports that internet-facing Linux and Internet of Things devices have been targeted by brute-force attacks that, once in, install a trojanized OpenSSH package to maintain access and exfiltrate SSH credentials. According to a Microsoft report, the trojanized OpenSSH binary is distributed alongside a backdoor shell script that applies patches to harvest device passwords and SSH connection keys, installs the open-source LKM rootkits Reptile and Diamorphine, and removes competing cryptocurrency miners. The attacks were also found to deliver the open-source IRC bot ZiggyStarTux. "The modified version of OpenSSH mimics the appearance and behavior of a legitimate OpenSSH server and may thus pose a greater challenge for detection than other malicious files. The patched OpenSSH could also enable the threat actors to access and compromise additional devices. This type of attack demonstrates the techniques and persistence of adversaries who seek to infiltrate and control exposed devices," said Microsoft.
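Because the trojanized OpenSSH is meant to look like the legitimate server, the practical defensive check is file integrity: compare the installed OpenSSH files against the checksums the package manager recorded at install time. The script below is an added example and is not code from the original article or from Microsoft's report. It parses the dpkg-style `.md5sums` format (`<md5>  <path relative to />`, as found under `/var/lib/dpkg/info/`) and verifies each listed file; the `demo()` function builds a constructed fake filesystem root with a deliberately tampered `sshd` so the example runs offline. The file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg-style md5sums lines ('<md5>  <path relative to />')
    into a dict of absolute path -> expected hex digest."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, rel = line.partition("  ")
        expected["/" + rel.strip()] = digest.strip().lower()
    return expected


def md5_of(path):
    """Stream a file through MD5 (dpkg records MD5, so that is what we compare)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(expected, root="/"):
    """Return {path: 'ok' | 'modified' | 'missing'} for every recorded file.
    `root` lets the check run against a mounted image or a constructed tree."""
    results = {}
    for path, digest in expected.items():
        full = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(full):
            results[path] = "missing"
        elif md5_of(full) != digest:
            results[path] = "modified"
        else:
            results[path] = "ok"
    return results


def demo():
    """Constructed scenario (not real data): a fake root where sshd has been
    altered after the package checksums were recorded."""
    root = tempfile.mkdtemp()
    files = {
        "usr/sbin/sshd": b"constructed: original sshd bytes",
        "usr/bin/ssh": b"constructed: original ssh client bytes",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    # The checksum record as the package manager would have written it.
    md5sums = "\n".join(
        f"{hashlib.md5(data).hexdigest()}  {rel}" for rel, data in files.items()
    )
    # Simulate post-install tampering of the server binary only.
    with open(os.path.join(root, "usr/sbin/sshd"), "ab") as f:
        f.write(b"\n# constructed: appended bytes standing in for a patch")
    return verify_package(parse_md5sums(md5sums), root)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9} {path}")
```

On a live Debian or Ubuntu host the same comparison is what `dpkg --verify openssh-server` performs (`rpm -V openssh-server` on RPM-based systems), reading the checksums from `/var/lib/dpkg/info/openssh-server.md5sums`. Two caveats follow directly from the attack chain described above: an attacker with root can rewrite the local checksum record as easily as the binary, so the trusted reference should come from the distribution's package archive or an offline baseline rather than the host itself; and once an LKM rootkit such as Reptile or Diamorphine is loaded it can hide files and processes from userland, so a clean result from a running host is weaker evidence than a check of the disk image from known-good media.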
