The popular researcher Larry Cashdollar, from Akamai SIRT, announced exclusively to The Register that he had observed a miner that previously hit only Arm-powered
The researcher revealed that one of his
“I suspect it’s probably a derivate of other IoT crypto mining botnets,” Cashdollar told The Register. “This one seems to target enterprise systems.”
The expert explained that the XMR
The malware attempts to connect via SSH on port 22 and deliver
“The malware is uploaded as gzip compressed
The IoT malware first checks whether the machine has already been infected; if it is the first time the malicious code hit the
“Each directory contains a variation of the XMrig v2.14.1
The expert discovered that the script executes init2, which is one of the files in the
Additionally, the malware installs a shell script that it uses to communicate with the command and control server.
The attack originates from clusters of compromised systems in the Americas, Asia, and Europe.
Cashdollar explained that threat actors started scanning the Internet for Intel systems that would accept files over SSH port 22 to maximize their efforts. In summary, the crooks extended their list of targets from Arm- and MIPS-powered devices to Intel systems.
“Criminals will continue to monetize unsecured resources in any way they can. System administrators need to employ security best practices with the systems they manage.” Cashdollar concludes. “Unsecured services with unpatched vulnerabilities or weak passwords are prime targets for exploitation and abuse. Str
(SecurityAffairs – Miner, Intel servers)