New cryptomining malware builds an army of Windows, Linux bots
A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero miner and self-spreader malware payloads.
While it initially used a multi-component architecture with the miner and worm modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.
Sysrv-hello's propagator component aggressively scans the Internet for more vulnerable systems to add to its army of Monero mining bots, using exploits that target vulnerabilities allowing it to execute malicious code remotely.
After hacking into a server and killing competing cryptocurrency miners, the malware will also spread over the network in brute force attacks using SSH private keys collected from various locations on infected servers.
The latest samples spotted in the wild have also added support for the Nanopool mining pool after removing support for MineXMR. Even though this wallet contains just over 12 XMR, cryptomining botnets regularly use more than one wallet linked to multiple mining pools to collect illegally earned cryptocurrency, and this can quickly add up to a small fortune.
360 Netlab researchers spotted an increasingly active and upgraded version of the z0Miner cryptomining botnet attempting to infect vulnerable Jenkins and ElasticSearch servers to mine for Monero.