Security News > 2023 > October > Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
In a new campaign called 'Qubitstrike,' the threat actors download malicious payloads to hijack a Linux server for cryptomining and to steal credentials for cloud services, such as AWS and Google Cloud.
Qubitstrike attacks are believed to begin with a manual scan for exposed Jupyter Notebooks, followed by a CPU identification to evaluate its mining potential.
The Qubitstrike scripts also install the open-source Diamorphine rootkit for Linux, which is used to hide the presence of any running scripts and malware payloads.
"Diamorphine is well-known in Linux malware circles, with the rootkit being observed in campaigns from TeamTNT and, more recently, Kiss-a-dog," explains the Cado report.
Qubitstrike searches for credentials on the compromised endpoint and sends them back to its operators using the Telegram Bot API. Specifically, the malware iterates through a list of 23 directories that usually host credentials for files named "Credentials," "Cloud," "Kyber-env," and others.
News URL
Related news
- PetSmart warns of credential stuffing attacks trying to hack accounts (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (source)
- Retail chain Hot Topic hit by new credential stuffing attacks (source)
- DinodasRAT malware targets Linux servers in espionage campaign (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)