Security News > 2023 > June > Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
Microsoft says Internet-exposed Linux and Internet of Things devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.
After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.
The backdoor shell script deployed at the same time as the trojanized OpenSSH binary will add two public keys to the authorized keys file for persistent SSH access.
While investigating the campaign, Microsoft saw the bots being instructed to download and execute additional shell scripts to brute-force every live host in the hacked device's subnet and backdoor any vulnerable systems using the trojanized OpenSSH package.
"The modified version of OpenSSH mimics the appearance and behavior of a legitimate OpenSSH server and may thus pose a greater challenge for detection than other malicious files," Microsoft said.
Hackers infect Linux SSH servers with Tsunami botnet malware.