New Cryptojacking Malware is Targeting Linux Servers

Monday, 08/07/2019 | 06:55 GMT by Arnab Shome
  • The malware uses XMRig 2.13.1 to mine Monero.
New Cryptojacking Malware is Targeting Linux Servers
Pixabay

Researchers discovered a new cryptocurrency mining malware that is targeting vulnerable computers to mine Monero (XMR).

Dubbed as GoLang, the malware is written in the Go programing language and targets vulnerable Linux-based servers.

In the last few weeks, multiple cybersecurity research groups reported about the malware and, according to the researchers at Trend Micro, the malware not only targets a vulnerable server but also tries to propagate in the entire network.

Many ways to target a system

Another research group, F5, detailed that the malware spreads through seven methods in a network - four methods involve targeting the server-level programming languages, while others involve the misconfigured credentials in the SSH or Redis database.

The researchers also detailed that the malicious code first sends a GET request to ident.me, a service that finds public IP addresses, and then the list of IPs are searched to find open ports 80, 20, 8090, and 6397. If any open port is found in a server, the malware sends a request to download a payload hosted on Pastebin.

To mine the digital currency, GoLang uses a well-known Monero mining script called XMRig 2.13.1.

To hide the propagation or presence of the malware, the malicious code even disables security tools and software and deletes history and logs in the compromised machine. Moreover, it also kills any ongoing Crypto Mining operation in the system to utilize maximum CPU space. It also kills any processes using more than 30 percent of the memory resource.

The cybercriminals even successfully injected the malware in a few mining pools and, according to F5 researchers, they earned less than $2,000 worth of crypto to date from the pools. However, the estimation is based on specific sample wallet addresses owned by the miners.

Cryptojacking has always been a lucrative thing for cybercriminals. Many popular websites were also found to inject mining scripts in visitors computers to mine cryptocurrency without their consent.

Earlier, Finance Magnates reported that an infamous crypto-mining malware, Shellbot, was updated by its developers to shut all crypto mining services on the infected computer to squeeze all the processing power.

Researchers discovered a new cryptocurrency mining malware that is targeting vulnerable computers to mine Monero (XMR).

Dubbed as GoLang, the malware is written in the Go programing language and targets vulnerable Linux-based servers.

In the last few weeks, multiple cybersecurity research groups reported about the malware and, according to the researchers at Trend Micro, the malware not only targets a vulnerable server but also tries to propagate in the entire network.

Many ways to target a system

Another research group, F5, detailed that the malware spreads through seven methods in a network - four methods involve targeting the server-level programming languages, while others involve the misconfigured credentials in the SSH or Redis database.

The researchers also detailed that the malicious code first sends a GET request to ident.me, a service that finds public IP addresses, and then the list of IPs are searched to find open ports 80, 20, 8090, and 6397. If any open port is found in a server, the malware sends a request to download a payload hosted on Pastebin.

To mine the digital currency, GoLang uses a well-known Monero mining script called XMRig 2.13.1.

To hide the propagation or presence of the malware, the malicious code even disables security tools and software and deletes history and logs in the compromised machine. Moreover, it also kills any ongoing Crypto Mining operation in the system to utilize maximum CPU space. It also kills any processes using more than 30 percent of the memory resource.

The cybercriminals even successfully injected the malware in a few mining pools and, according to F5 researchers, they earned less than $2,000 worth of crypto to date from the pools. However, the estimation is based on specific sample wallet addresses owned by the miners.

Cryptojacking has always been a lucrative thing for cybercriminals. Many popular websites were also found to inject mining scripts in visitors computers to mine cryptocurrency without their consent.

Earlier, Finance Magnates reported that an infamous crypto-mining malware, Shellbot, was updated by its developers to shut all crypto mining services on the infected computer to squeeze all the processing power.

About the Author: Arnab Shome
Arnab Shome
  • 6654 Articles
  • 102 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency