New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner

A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems.
"It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center said in a report published today.
Shc allows shell scripts to be converted directly into binaries, offering protections against unauthorized source code modifications.
In an attack chain detailed by the South Korean cybersecurity firm, a successful compromise of the SSH server leads to the deployment of an shc downloader malware along with a Perl-based DDoS IRC Bot.
The shc downloader subsequently proceeds to fetch the XMRig miner software to mine cryptocurrency, with the IRC bot capable of establishing connections with a remote server to fetch commands for mounting distributed denial-of-service attacks.
The fact that all the shc downloader artifacts were uploaded to VirusTotal from South Korea suggests that the campaign is mainly focused on poorly secured Linux SSH servers in the country.
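The chain above starts with a password-guessing run against SSH that ends in a successful login. As an added example (not code from AhnLab's report or from this page), the following sketch flags that pattern in sshd logs. It assumes the default OpenSSH syslog message format; the function name `find_guessed_logins`, the threshold, and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges), not taken from the report.
SAMPLE_LOG = """\
Jan  4 03:10:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan  4 03:10:03 srv sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan  4 03:10:05 srv sshd[2105]: Failed password for root from 203.0.113.7 port 40138 ssh2
Jan  4 03:10:07 srv sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40144 ssh2
Jan  4 03:10:09 srv sshd[2109]: Accepted password for root from 203.0.113.7 port 40150 ssh2
Jan  4 08:15:40 srv sshd[3001]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan  4 08:15:52 srv sshd[3002]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Jan  4 09:00:00 srv sshd[3100]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2: ED25519 SHA256:EXAMPLE
"""

# Matches OpenSSH "Failed|Accepted <method> for [invalid user] <user> from <ip> port <n>".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=3):
    """Return password logins that succeeded after >= min_failures failures from the same IP."""
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins are not password guessing
        state = failures[m["ip"]]
        if m["result"] == "Failed":
            state["count"] += 1
            state["users"].add(m["user"])
            continue
        if state["count"] >= min_failures:
            alerts.append({
                "ip": m["ip"],
                "user": m["user"],
                "failures_before": state["count"],
                "usernames_tried": len(state["users"]),
            })
        failures.pop(m["ip"])  # reset the counter after any successful login
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logins(SAMPLE_LOG):
        print(alert)
```

An alert from this check marks a host worth triaging for the follow-on stages the report describes: unexpected binaries, an XMRig process, or a Perl process holding an IRC connection.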
News URL
https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html