Security News > 2023 > June > New proxyjacking attacks monetize hacked SSH servers’ bandwidth
Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for sharing unused Internet bandwidth.
Like cryptojacking, which allows attackers to use hacked systems to mine for cryptocurrency, proxyjacking is a low-effort and high-reward tactic of leeching compromised devices' resources.
Proxyjacking is harder to detect because it only leeches on hacked systems' unused bandwidth and doesn't impact their overall stability and usability.
Akamai first spotted the attacks on June 8 after multiple SSH connections were made to honeypots managed by the company's Security Intelligence Response Team.
Once connected to one of the vulnerable SSH servers, the attackers deployed a Base64-encoded Bash script that added the hacked systems to Honeygain's or Peer2Profit's proxy networks.
Hackers infect Linux SSH servers with Tsunami botnet malware.
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)