Windows and Linux devices are under attack by a new cryptomining worm

09/04/2021

A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said.

Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s malware components was a worm that spread from one vulnerable device to another without requiring any user action. It did this by scanning the Internet for vulnerable devices and, when found, infecting them using a list of exploits that has increased over time.

The malware also included a cryptominer that uses infected devices to create the Monero digital currency. There was a separate binary file for each component.

Constantly growing arsenal

By March, Sysrv developers had redesigned the malware to combine the worm and miner into a single binary. They also gave the script that loads the malware the ability to add SSH keys, most likely as a way to make it better able to survive reboots and to have more sophisticated capabilities. The worm was exploiting six vulnerabilities in software and frameworks used in enterprises, including Mongo Express, XXL-Job, XML-RPC, Saltstack, ThinkPHP, and Drupal Ajax.

“Based on the binaries we have seen and the time when we have seen them, we found that the threat actor is constantly updating its exploit arsenal,” Juniper researcher Paul Kimayong said in a Thursday blog post.

Thursday’s post listed more than a dozen vulnerabilities and weaknesses that the malware now exploits. They are:

| Exploit | Software |
| --- | --- |
| CVE-2021-3129 | Laravel |
| CVE-2020-14882 | Oracle WebLogic |
| CVE-2019-3396 | Widget Connector macro in Atlassian Confluence Server |
| CVE-2019-10758 | Mongo Express |
| CVE-2019-0193 | Apache Solr |
| CVE-2017-9841 | PHPUnit |
| CVE-2017-12149 | JBoss Application Server |
| CVE-2017-11610 | Supervisor (XML-RPC) |
| Apache Hadoop Unauthenticated Command Execution via YARN ResourceManager (No CVE) | Apache Hadoop |
| Brute force Jenkins | Jenkins |
| Jupyter Notebook Command Execution (No CVE) | Jupyter Notebook Server |
| CVE-2019-7238 | Sonatype Nexus Repository Manager |
| Tomcat Manager Unauth Upload Command Execution (No CVE) | Tomcat Manager |
| WordPress Bruteforce | WordPress |

The exploits Juniper Research previously saw the malware using are:

  • Mongo Express RCE (CVE-2019-10758)
  • XXL-JOB Unauth RCE
  • XML-RPC (CVE-2017-11610)
  • CVE-2020-16846 (Saltstack RCE)
  • ThinkPHP RCE
  • CVE-2018-7600 (Drupal Ajax RCE)

Come on in, water’s great

The developers have also changed the mining pools that infected devices join. The miner is a version of the open source XMRig that currently mines for the following mining pools:

  • Xmr-eu1.nanopool.org:14444
  • f2pool.com:13531
  • minexmr.com:5555

A mining pool is a group of cryptocurrency miners who combine their computational resources to reduce the volatility of their returns and increase the chances of finding a block of transactions. According to mining pool profitability comparison site PoolWatch.io, the pools used by Sysrv are three of the four top Monero mining pools.

“Combined together, they almost have 50% of the network hash rate,” Kimayong wrote. “The threat actor’s criteria appears to be top mining pools with high reward rates.”

The profit from mining is deposited into the following wallet address:

49dnvYkWkZNPrDj3KF8fR1BHLBfiVArU6Hu61N9gtrZWgbRptntwht5JUrXX1ZeofwPwC6fXNxPZfGjNEChXttwWE3WGURa

Nanopool shows that the wallet gained 8 XMR, worth roughly $1,700, from March 1 to March 28. It’s adding about 1 XMR every two days.
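As an added example (not from the article and not Juniper’s code), a small Python checker that applies the three pool endpoints and the wallet address listed above to a constructed batch of endpoint telemetry lines; the key=value log format, the field names and the hostnames in the sample lines are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Indicators taken from the article: the three pools and the wallet above.
SYSRV_POOLS = (
    ("xmr-eu1.nanopool.org", 14444),
    ("f2pool.com", 13531),
    ("minexmr.com", 5555),
)
SYSRV_WALLET = "49dnvYkWkZNPrDj3KF8fR1BHLBfiVArU6Hu61N9gtrZWgbRptntwht5JUrXX1ZeofwPwC6fXNxPZfGjNEChXttwWE3WGURa"

# Constructed sample telemetry (key=value lines); the format is an assumption.
SAMPLE_EVENTS = [
    "2021-04-08T10:01:02Z host=web01 type=netconn proc=kthreaddi dst=Xmr-eu1.nanopool.org:14444",
    "2021-04-08T10:01:05Z host=web01 type=netconn proc=curl dst=deb.debian.org:443",
    '2021-04-08T10:02:11Z host=db02 type=proc cmd="/tmp/sysrv -o minexmr.com:5555 -u '
    + SYSRV_WALLET + ' -k"',
    '2021-04-08T10:03:40Z host=app03 type=proc cmd="/usr/bin/python3 app.py"',
]

KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {k: q if raw.startswith('"') else raw for k, raw, q in KV_RE.findall(line)}

def classify(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event matches the Sysrv pool/wallet indicators."""
    reasons = []
    host, _, port = event.get("dst", "").rpartition(":")
    if port.isdigit() and (host.lower(), int(port)) in SYSRV_POOLS:
        reasons.append(f"connection to Sysrv mining pool {host.lower()}:{port}")
    cmd = event.get("cmd", "")
    if SYSRV_WALLET in cmd:
        reasons.append("Sysrv wallet address in command line")
    for pool_host, pool_port in SYSRV_POOLS:
        if f"{pool_host}:{pool_port}" in cmd.lower():
            reasons.append(f"pool endpoint {pool_host}:{pool_port} in command line")
    return reasons

def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (host, reason) pairs for every indicator hit in the input lines."""
    hits = []
    for line in lines:
        event = parse_event(line)
        hits.extend((event.get("host", "?"), r) for r in classify(event))
    return hits

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_EVENTS):
        print(f"{host}: {reason}")
```

Pool hostnames are matched case-insensitively because the article lists the Nanopool endpoint with a capital letter, while the wallet address is matched exactly since Monero addresses are case-sensitive.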

A threat to Windows and Linux alike

The Sysrv binary is a 64-bit Go binary packed with the open source UPX executable packer. There are versions for both Windows and Linux. Two Windows binaries chosen at random were detected by 33 and 48 of the top 70 malware protection services, according to VirusTotal. Two randomly picked Linux binaries were detected by only six and nine, respectively.

The threat from this botnet isn’t just the strain on computing resources and the non-trivial drain of electricity. Malware that has the ability to run a cryptominer can almost certainly also install ransomware and other malicious wares. Thursday’s blog post has dozens of indicators that administrators can use to see if the devices they manage are infected.
