Security News > 2023 > June > Hackers infect Linux SSH servers with Tsunami botnet malware
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig coin miner.
Network administrators typically use SSH to manage Linux devices remotely, performing tasks such as running commands, changing the configuration, updating software, and troubleshooting problems.
AhnLab Security Emergency Response Center recently discovered a campaign of this type, which hacked Linux servers to launch DDoS attacks and mine Monero cryptocurrency.
The attackers scanned the Internet for publicly-exposed Linux SSH servers and then brute-forced username-password pairs to log in to the server.
To defend against these attacks, Linux users should use strong account passwords or, for better security, require SSH keys to log in to the SSH server.
New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux.
News URL
Related news
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- MikroTik botnet uses misconfigured SPF DNS records to spread malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- New Aquabotv3 botnet malware targets Mitel command injection flaw (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)