Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
In a new campaign called 'Qubitstrike,' the threat actors download malicious payloads to hijack a Linux server for cryptomining and to steal credentials for cloud services, such as AWS and Google Cloud.
Qubitstrike attacks are believed to begin with a manual scan for exposed Jupyter Notebooks, followed by identification of the server's CPU to evaluate its mining potential.
The Qubitstrike scripts also install the open-source Diamorphine rootkit for Linux, which is used to hide the presence of any running scripts and malware payloads.
"Diamorphine is well-known in Linux malware circles, with the rootkit being observed in campaigns from TeamTNT and, more recently, Kiss-a-dog," explains the Cado report.
Qubitstrike searches for credentials on the compromised endpoint and sends them back to its operators using the Telegram Bot API. Specifically, the malware iterates through a list of 23 directories that usually host credentials, looking for files named "Credentials," "Cloud," "Kyber-env," and others.
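To scope credential rotation on a host suspected of this compromise, the following added example (not code from the article or the Cado report) lists the readable files whose names match those quoted above. The directories passed in, the exact case-insensitive name matching, and the sample tree are assumptions of the example; the article does not list the 23 directories.

```python
import os
import stat
import tempfile

# Names quoted in the article ("and others" are not listed there).
# Exact, case-insensitive file-name matching is an assumption of this example.
TARGET_NAMES = {"credentials", "cloud", "kyber-env"}


def credential_files_in_scope(roots, names=TARGET_NAMES):
    """List matching regular files and whether the current user can read them.

    Returns sorted (path, octal mode, readable) tuples; run it as the
    Jupyter service account to see what that account exposes.
    """
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, followlinks=False):
            for fname in files:
                if fname.lower() not in names:
                    continue
                path = os.path.join(dirpath, fname)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # file vanished during the walk
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets, devices
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, oct(mode), os.access(path, os.R_OK)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample home directory used only for the demonstration."""
    home = tempfile.mkdtemp(prefix="audit-demo-")
    for rel in (".aws/credentials", "proj/Kyber-env", "proj/notes.txt"):
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real secret\n")
        os.chmod(path, 0o600)
    os.makedirs(os.path.join(home, "cloud"))  # directory: must not match
    return home


if __name__ == "__main__":
    for finding in credential_files_in_scope([build_sample_tree()]):
        print(finding)
```

Every file the audit reports as readable by the notebook account should be treated as exposed and its keys rotated.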