Security News > 2023 > June > New proxyjacking attacks monetize hacked SSH servers’ bandwidth
Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for sharing unused Internet bandwidth.
Like cryptojacking, which allows attackers to use hacked systems to mine for cryptocurrency, proxyjacking is a low-effort and high-reward tactic of leeching compromised devices' resources.
Proxyjacking is harder to detect because it only leeches on hacked systems' unused bandwidth and doesn't impact their overall stability and usability.
Akamai first spotted the attacks on June 8 after multiple SSH connections were made to honeypots managed by the company's Security Intelligence Response Team.
Once connected to one of the vulnerable SSH servers, the attackers deployed a Base64-encoded Bash script that added the hacked systems to Honeygain's or Peer2Profit's proxy networks.
Hackers infect Linux SSH servers with Tsunami botnet malware.
News URL
Related news
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)