Linux Systems with Exposed SSH Ports, Targeted by Python-Based Botnets
Mining cryptocurrency with a botnet comprised of Linux-based systems.
Cybersecurity experts believe that a band of experienced cybercriminals has created a botnet made of Linux-based systems and is using it to mine Monero, a cryptocurrency.
Apparently, this group of cyber-crooks is using brute-force attacks against Linux systems with exposed SSH ports. If they find the correct password, they use a Python script to install a Monero miner. Per F5 Networks, the attackers are also using a known exploit for the JBoss server (CVE-2017-12149) to break into vulnerable systems, but their primary tactic now seems to be brute-forcing systems with exposed SSH ports.
This attack differs from others of its ilk in that it relies on Python scripts rather than malware binaries.
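Because the initial access here is plain password guessing against sshd, the earliest place a defender can see it is the authentication log. The following is an added example (not code from the article or from F5's report) that parses a few constructed sshd log lines, tracks failed logins per source address in a sliding time window, raises a brute-force alert once a threshold is crossed, and raises a higher-severity alert when a login from that same address succeeds right after the burst, which is exactly the pattern that precedes the miner install described above. The log lines, host name, addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines in syslog format (not taken from the article).
# 203.0.113.7 fails five times and then succeeds; 198.51.100.20 is benign noise.
SAMPLE_AUTH_LOG = """\
Jan  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51000 ssh2
Jan  3 10:00:02 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 51001 ssh2
Jan  3 10:00:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Jan  3 10:00:04 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 51003 ssh2
Jan  3 10:00:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jan  3 10:00:06 web1 sshd[2106]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Jan  3 10:05:00 web1 sshd[2200]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Jan  3 10:06:00 web1 sshd[2201]: Failed password for deploy from 198.51.100.20 port 40001 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2018):
    """Return a dict for one sshd auth line, or None if it is not a login result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it (assumption for the example).
    ts_text = " ".join(m["ts"].split())
    return {
        "ts": datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S"),
        "result": m["result"],
        "method": m["method"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect(log_text, threshold=5, window_s=60):
    """Sliding-window brute-force detection over sshd log text.

    Returns a list of alert tuples in the order they were raised:
      ("brute_force", ip, failures_in_window)
      ("compromise_suspected", ip, user, method)  # success right after a burst
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()                # ips already reported as brute-forcing
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        # Expire failures that fell out of the time window.
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append(("brute_force", ev["ip"], len(q)))
        elif len(q) >= threshold:
            # A successful login from an address that was just guessing passwords
            # is the moment the attacker gets a shell; treat it as a likely compromise.
            alerts.append(("compromise_suspected", ev["ip"], ev["user"], ev["method"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUTH_LOG):
        print(alert)
```

The second alert type is the one worth paging on: a brute-force burst alone is background noise on any internet-facing sshd, but a successful password login from the same address within the window means the guessing worked. The same loop can be pointed at a live journal or a log-forwarder stream; only the `year` assumption and the thresholds need tuning per environment.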
Per F5:
“Unlike a binary malware alternative, a scripting language-based malware is more evasive by nature as it can be easily obfuscated… It is also executed by a legitimate binary, which could be one of the PERL/Python/Bash/Go/PowerShell interpreters shipped with almost every Linux/Windows distribution.”
How does this work?
After infecting a victim, the attacker downloads an initial, very simple base62-encoded “spearhead” Python script that gathers information on the infected system and reports back to a remote C&C server. That server then sends a second Python script, in the form of a Python dictionary file, that installs a version of the Minerd Monero mining client.
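The defender's problem with this staging chain is the one F5 points out above: nothing malicious is ever written as a binary, so file-hash and binary-signature checks see only a legitimate interpreter. What does stand out is the process tree. Below is an added example (not the article's or F5's code) that scans a constructed `ps`-style process listing and flags the three things this chain leaves behind: an interpreter launched with an inline encoded-and-exec'd script, a program running out of a temporary directory, and a command line carrying miner indicators (the page names Minerd; the `stratum+tcp://` pool URL scheme and the `cryptonight` algorithm name are widely used miner arguments). A child of a flagged process is flagged too, which is how the dropped miner gets tied back to the script that installed it. Every process line, path and wallet value is constructed for the example.

```python
import base64
import os
import re

# Constructed "ps -eo pid,ppid,user,args" output (not real data from the article).
# PID 2301 is an interpreter running an inline base64 payload; 2310 is its child miner.
SAMPLE_PS = """\
  PID  PPID USER     ARGS
    1     0 root     /sbin/init
  812     1 root     /usr/sbin/sshd -D
 2301   812 root     python -c import base64;exec(base64.b64decode('aW1wb3J0IG9z'))
 2310  2301 root     /tmp/.x/minerd -a cryptonight -o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER -p x
 2400     1 www-data python /opt/app/server.py --port 8000
"""

INTERPRETERS = {"python", "python2", "python3", "perl", "bash", "sh"}
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
MINER_RE = re.compile(r"stratum\+tcp://|\bminerd\b|cryptonight", re.IGNORECASE)
# Pulls the literal passed to b64decode so the analyst can see what the stage decodes to.
B64_RE = re.compile(r"b64decode\(['\"]([A-Za-z0-9+/=]+)['\"]\)")


def parse_ps(ps_text):
    """Parse header-prefixed ps output into dicts; ARGS keeps its internal spaces."""
    procs = []
    for line in ps_text.splitlines()[1:]:  # skip the PID/PPID/USER/ARGS header
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, ppid, user, args = parts
        procs.append({"pid": int(pid), "ppid": int(ppid), "user": user, "args": args})
    return procs


def check_process(p):
    """Return the list of heuristic hits for one process (empty list if clean)."""
    reasons = []
    argv = p["args"].split()
    exe = os.path.basename(argv[0])
    # Interpreter invoked with -c and an encode/exec idiom: a staged script, not a file.
    if exe in INTERPRETERS and "-c" in argv and re.search(r"base64|b64decode|exec\(", p["args"]):
        reasons.append("inline_encoded_script")
        for m in B64_RE.finditer(p["args"]):
            try:
                decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
                reasons.append("decoded_payload:" + decoded[:40])
            except ValueError:  # binascii.Error is a ValueError subclass
                pass
    if argv[0].startswith(TEMP_DIRS):
        reasons.append("exec_from_tmp")
    if MINER_RE.search(p["args"]):
        reasons.append("miner_indicator")
    return reasons


def scan_process_list(ps_text):
    """Return [(pid, [reasons...]), ...] for every flagged process, sorted by pid."""
    procs = parse_ps(ps_text)
    findings = {p["pid"]: check_process(p) for p in procs}
    # Second pass: inherit suspicion from a flagged parent (the miner is spawned by the script).
    for p in procs:
        if findings.get(p["ppid"]):
            findings[p["pid"]].append(f"child_of_flagged:{p['ppid']}")
    return [(pid, reasons) for pid, reasons in sorted(findings.items()) if reasons]


if __name__ == "__main__":
    for pid, reasons in scan_process_list(SAMPLE_PS):
        print(pid, reasons)
```

Run against a real host, the input would be `ps -eo pid,ppid,user,args` rather than the embedded string; the heuristics are deliberately loose (a legitimate deploy tool may also run `python -c`), so the value is in the combination of hits and the parent-child link, not in any single rule. The web application on PID 2400 shows the negative case: an interpreter running a script from disk with no encoded payload is not flagged.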
Experts say they identified two Monero wallets used by this botnet, which they named PyCryptoMiner. One contained 94 Monero and the second contained 64 Monero, for an approximate total of $60,000.
A Legacy of Bad Action
This doesn’t appear to be the group’s first foray into malfeasance online. The C&C domain names used by PyCryptoMiner are registered to someone with ties to over 36,000 domain names and 234 other email addresses, all of which have previously been used for scams, gambling and pornography.
The ploy does seem to have worked, though: by the time F5 published its findings the botnet was down and out of service, but the people behind it had raked in over $60,000. That makes this a relatively small mining botnet, but it also serves to illustrate just how lucrative this type of activity can be when it’s done correctly.