Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials (Security News, October 2023)
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
In a new campaign called 'Qubitstrike,' the threat actors download malicious payloads to hijack a Linux server for cryptomining and to steal credentials for cloud services, such as AWS and Google Cloud.
Qubitstrike attacks are believed to begin with a manual scan for exposed Jupyter Notebooks, followed by identification of the host's CPU to evaluate its mining potential.
The Qubitstrike scripts also install the open-source Diamorphine rootkit for Linux, which is used to hide the presence of any running scripts and malware payloads.
"Diamorphine is well-known in Linux malware circles, with the rootkit being observed in campaigns from TeamTNT and, more recently, Kiss-a-dog," explains the Cado report.
Qubitstrike searches for credentials on the compromised endpoint and sends them back to its operators using the Telegram Bot API. Specifically, the malware iterates through a list of 23 directories that commonly hold credentials, looking for files named "Credentials," "Cloud," "Kyber-env," and others.
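The exfiltration channel described above gives defenders a simple egress signal: a compute host calling the Telegram Bot API's data-sending methods. The following is an added detection example, not code from the article or from Cado; the log format and the `10.0.` server address range are assumptions, and the log lines and bot tokens are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample egress (HTTP proxy) log lines: "src_ip method url".
# They are made up for this example, not taken from the campaign.
SAMPLE_LOG = """\
10.0.5.12 POST https://api.telegram.org/bot123456789:AAFakeTokenForExample/sendDocument
10.0.5.12 GET https://pypi.org/simple/numpy/
10.0.7.3 POST https://api.telegram.org/bot987654321:AAAnotherFakeToken/sendMessage
10.0.9.8 GET https://api.telegram.org/
"""

# Bot API methods that move data off-host; the article describes credential
# files being sent back to the operators through the Telegram Bot API.
EXFIL_METHODS = {"sendMessage", "sendDocument"}

# Telegram bot URLs look like api.telegram.org/bot<id>:<secret>/<method>.
BOT_URL = re.compile(r"https?://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")

@dataclass(frozen=True)
class Finding:
    src_ip: str
    method: str
    bot_id: str  # numeric bot id only; the secret half of the token is never stored

def redact_token(url: str) -> str:
    """Replace the secret half of a bot token so alerts don't leak it."""
    return BOT_URL.sub(lambda m: f"https://api.telegram.org/bot{m.group(1)}:<redacted>/{m.group(3)}", url)

def find_telegram_exfil(log_text: str, server_prefix: str = "10.0.") -> list[Finding]:
    """Flag Telegram Bot API data-sending calls made from server address space.
    Jupyter/compute hosts have no business talking to a chat bot API."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line; skip rather than crash the detector
        src_ip, _http_method, url = parts
        m = BOT_URL.search(url)
        if not m or not src_ip.startswith(server_prefix):
            continue
        bot_id, _secret, api_method = m.groups()
        if api_method in EXFIL_METHODS:
            findings.append(Finding(src_ip, api_method, bot_id))
    return findings

if __name__ == "__main__":
    for f in find_telegram_exfil(SAMPLE_LOG):
        print(f"ALERT {f.src_ip} -> Telegram bot {f.bot_id} via {f.method}")
```

A plain GET to the API root (last sample line) is not flagged, which keeps the rule focused on the methods that actually carry data out.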