A two-month Monero cryptomining campaign targeted both Linux-based servers and Internet of Things devices with a newly discovered malware family called “Linux Rabbit,” researchers have reported.

The operation occurred in two phases, each of which used a distinct version of Linux Rabbit that shares the same code base as the other iteration, according to a Dec. 6 blog post from Anomali Labs.

The first phase commenced in August 2018 and involved the original Linux Rabbit malware, which was coded to infect Linux-based servers in Russia, South Korea, the U.K., and the U.S. The second lasted from September through October and used a self-propagating worm variant of Linux Rabbit known as Rabbot. Rabbot was developed to infect servers across a wider geographic range while also adding Linux-based IoT devices to its target list.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.