Security News > 2023 > January > New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner

New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
2023-01-04 08:32

A new Linux malware developed using the shell script compiler has been observed deploying a cryptocurrency miner on compromised systems.

"It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center said in a report published today.

Shc allows shell scripts to be converted directly into binaries, offering protections against unauthorized source code modifications.

In an attack chain detailed by the South Korean cybersecurity firm, a successful compromise of the SSH server leads to the deployment of an shc downloader malware along with a Perl-based DDoS IRC Bot.

The shc downloader subsequently proceeds to fetch the XMRig miner software to mine cryptocurrency, with the IRC bot capable of establishing connections with a remote server to fetch commands for mounting distributed denial-of-service attacks.

The fact that all the shc downloader artifacts were uploaded to VirusTotal from South Korea suggests that the campaign is mainly focused on poorly secured Linux SSH servers in the country.


News URL

https://thehackernews.com/2023/01/new-shc-based-linux-malware-targeting.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232