
New cryptominer seeks out root permissions on Linux machines

Researchers at antivirus company Dr.Web have discovered a malicious Monero cryptominer specifically designed for Linux machines, with additional functionality that also allows it to operate as a backdoor.

Named Linux.BtcMine.174, the trojan is described as a shell script containing over 1,000 lines of code. To receive its malicious commands from the attackers, the malware downloads and runs a second trojan, Linux.BackDoor.Gates.9. "This family of backdoors allows commands issued by cybercriminals to be executed and DDoS attacks to be carried out," explains a Dr.Web virus database alert.

The trojan seeks root permissions by using the Linux kernel exploits DirtyCow (CVE-2016-5195) and Linux.Exploit.CVE-2013-2094 to escalate its privileges. This allows it to download and launch a shell script-based rootkit with capabilities that include hiding files and stealing user-entered passwords for the "su" command (used in Linux to switch from one account to another).

Once it achieves root permissions, Linux.BtcMine.174 stops any running antivirus services it is programmed to avoid, and removes their files. Similarly, the malware also seeks out and removes any other competing miners that may already have been installed on the infected machines.

The trojan also attempts to spread to other machines by collecting data on the hosts that infected users have previously connected to via Secure Shell (SSH), and then attacking those hosts.
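The spreading step above depends on records of earlier SSH connections left on the machine. The following audit is an added example, not code from Dr.Web or the original article: assuming those records include OpenSSH `known_hosts` files (the article does not say which files are read), it counts how many host entries are stored in plaintext rather than hashed. The function name and sample data are constructed for illustration.

```python
"""Audit OpenSSH known_hosts text for plaintext (unhashed) host entries."""

# Constructed sample, not from a real system; key material is a placeholder.
SAMPLE = """\
# constructed sample
build01.example.test,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER
[git.example.test]:2222 ssh-rsa AAAAB3PLACEHOLDER
|1|c2FsdHNhbHRzYWx0c2FsdHNhbHQ=|aGFzaGhhc2hoYXNoaGFzaGhhc2g= ssh-ed25519 AAAAC3PLACEHOLDER
@cert-authority *.example.test ssh-ed25519 AAAAC3PLACEHOLDER
"""


def audit_known_hosts(text):
    """Count hashed vs. plaintext host patterns and note the exposed lines."""
    report = {"hashed": 0, "plaintext": 0, "plaintext_lines": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        # An optional marker (@cert-authority / @revoked) precedes the hosts.
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:
            continue  # malformed: need host patterns, key type and key
        for pattern in fields[0].split(","):
            if pattern.startswith("|1|"):
                report["hashed"] += 1  # salted HMAC-SHA1 of the host name
            else:
                report["plaintext"] += 1  # readable by anything on the host
                if lineno not in report["plaintext_lines"]:
                    report["plaintext_lines"].append(lineno)
    return report


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                r = audit_known_hosts(fh.read())
            print(f"{path}: {r['plaintext']} plaintext, {r['hashed']} hashed")
    else:
        print(audit_known_hosts(SAMPLE))
```

Setting `HashKnownHosts yes` in the OpenSSH client configuration hashes new entries, and `ssh-keygen -H` converts an existing file.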

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
