Linux computers maliciously enslaved into cryptocurrency-mining bots

19 August 2016

Redis-based servers are being compromised by a virus known as Linux.Lady because they have no password protection. After a successful break-in, the malicious software executes a cryptocurrency-mining file, with the objective of turning Linux machines into issuers of digital currency.

Dr.Web reported the case, noting that the malicious program, written in Google's Go programming language, attacks servers running the Redis platform that are vulnerable because their administrators have set no password protection. The virus then gathers data from the compromised machine and transfers it to the C&C server, from which it can copy itself and start executing the mining file, spreading to a larger number of machines.
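One way a defender can check for the misconfiguration the article describes, as an added example that is not part of the article or of Dr.Web's analysis: a small Python audit of a redis.conf that flags a missing requirepass, a wildcard bind address, and protected-mode disabled. The three directives are real Redis configuration keys; the sample configurations and the function names are constructed for this demonstration.

```python
"""Audit a redis.conf for the password-less exposure described in the article.

Added example, not code from the article or from Dr.Web. The directives
checked (requirepass, bind, protected-mode) are real Redis settings; the
sample configurations below are constructed for this demonstration.
"""
from __future__ import annotations

# Constructed sample: the kind of config Linux.Lady preys on.
WEAK_CONF = """# constructed example, exposed instance
bind 0.0.0.0
port 6379
protected-mode no
"""

# Constructed sample: loopback only, protected mode on, password set.
HARDENED_CONF = """# constructed example, hardened instance
bind 127.0.0.1
port 6379
protected-mode yes
requirepass REPLACE_WITH_A_LONG_RANDOM_SECRET
"""

WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_redis_conf(text: str) -> dict[str, list[str]]:
    """Map each directive to its argument list.

    Comments and blank lines are skipped; when a directive repeats, the
    last occurrence wins, which matches how Redis applies most settings.
    """
    directives: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directives[parts[0].lower()] = parts[1:]
    return directives


def audit_redis_conf(text: str) -> list[str]:
    """Return a list of findings; an empty list means no issue was detected."""
    conf = parse_redis_conf(text)
    findings: list[str] = []

    # requirepass absent, or set to the empty string "", means no auth at all.
    password = conf.get("requirepass", [])
    no_password = not password or password[0] in ('""', "''")
    if no_password:
        findings.append("no requirepass: any client that can connect has full access")

    # No bind line, or a wildcard address, means listening on every interface.
    bind = conf.get("bind", [])
    exposed = not bind or any(addr in WILDCARD_BINDS for addr in bind)
    if exposed:
        findings.append("bind missing or wildcard: instance listens on all interfaces")

    # protected-mode defaults to yes; 'no' removes the safety net for open binds.
    protected = conf.get("protected-mode", ["yes"])[0].lower()
    if protected == "no":
        findings.append("protected-mode no: unauthenticated remote access is not blocked")

    if no_password and exposed:
        findings.append("CRITICAL: reachable from the network with no password")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for finding in audit_redis_conf(conf) or ["no findings"]:
            print("  -", finding)
```

Run it against `/etc/redis/redis.conf` (or wherever the distribution keeps it) by reading the file into a string and passing it to `audit_redis_conf`; anything in the returned list is worth fixing before the host is reachable from untrusted networks.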

To start the cryptocurrency-mining script, the virus needs a configuration file. According to the report, it determines the external IP address of the compromised computer and then operates using that configuration file. After Linux.Downloader.196 is uploaded onto the computer, the malicious program uploads the main script, which transmits system information to the C&C server.

According to an expert at the security firm, the virus takes diverse forms, with the ultimate purpose of bringing more money to the perpetrator.

The expert notes that, to reduce the impact, infected computers need to be cut off from the C&C servers. Moreover, since the virus script has been published in full on the Internet, developers at security software firms will be able to create proper protection against the malware's expansion.

