Security News > 2023 > June > Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
Microsoft says Internet-exposed Linux and Internet of Things devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.
After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.
The backdoor shell script deployed at the same time as the trojanized OpenSSH binary will add two public keys to the authorized keys file for persistent SSH access.
While investigating the campaign, Microsoft saw the bots being instructed to download and execute additional shell scripts to brute-force every live host in the hacked device's subnet and backdoor any vulnerable systems using the trojanized OpenSSH package.
"The modified version of OpenSSH mimics the appearance and behavior of a legitimate OpenSSH server and may thus pose a greater challenge for detection than other malicious files," Microsoft said.
Hackers infect Linux SSH servers with Tsunami botnet malware.
News URL
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)
- Hackers now testing ClickFix attacks against Linux targets (source)
- Microsoft fixes Linux boot issues on dual-boot Windows systems (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Microsoft open-sources Windows Subsystem for Linux at Build 2025 (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)