
New peer-to-peer botnet infects Linux servers with cryptominers
2022-06-15 13:00

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency.

Panchan also has powerful detection-avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring so that it can stop the mining module immediately.

It infects new hosts by locating and using existing SSH keys or brute-forcing usernames and passwords.

The configurations sent to the malware concern either the miner configuration or updating the peer list.

Akamai modified the program to remove this security measure and found that the admin panel features a configuration overview, host status, peer stats, and miner settings, while it also gives operators updating options.

Panchan uses NiceHash for its mining pools and wallets, so Akamai's analysts couldn't trace transactions or estimate the size of the mining operation, profit, etc.


News URL

https://www.bleepingcomputer.com/news/security/new-peer-to-peer-botnet-infects-linux-servers-with-cryptominers/
