CryptoPolyTech.com
Crypto, Politics, Tech, Gaming & World News.

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices | CPT PPP Coverage

 | cutline • press clip • news of the day |

Cryptopolytech (CPT) Public Press Pass (PPP)
News of the Day COVERAGE

200000048 – World Newser
•| #World |•| #Online |•| #Media |•| #Outlet |

View more Headlines & Breaking News here, as covered by cryptopolytech.com


New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices appeared on thehackernews.com by The Hacker News.

?Jun 23, 2023?Ravie LakshmananCryptocurrency / IoT

Cryptocurrency Mining

Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency.

“The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations,” Microsoft threat intelligence researcher Rotem Sde-Or said.

“The backdoor also installs a patched version of OpenSSH on affected devices, allowing threat actors to hijack SSH credentials, move laterally within the network, and conceal malicious SSH connections.”

To pull off the scheme, misconfigured Linux hosts are brute-forced to gain initial access, following which the threat actors move to disable shell history and fetch a trojanized version of OpenSSH from a remote server.

The rogue OpenSSH package is configured to install and launch the backdoor, a shell script that allows the attackers to distribute additional payloads and conduct other post-exploitation activities.

Cybersecurity

This includes exfiltrating information about the device, installing open-source rootkits called Diamorphine and Reptile from GitHub, and taking steps to obscure its activity by clearing logs that could alert its presence.

“To ensure persistent SSH access to the device, the backdoor appends two public keys to the authorized_keys configuration files of all users on the system,” the Windows maker said.

The implant also seeks to monopolize the infected system’s resources by eliminating competing crypto mining processes that may be already running on it prior to launching its miner.

Furthermore, it runs a modified version of ZiggyStarTux, an IRC-based distributed denial-of-service (DDoS) client that’s capable of executing bash commands issued from the command-and-control (C2) server. It’s based on another botnet malware called Kaiten (aka Tsunami).

Linux Systems and IoT Devices

The attacks, the tech giant noted, leverage an unnamed Southeast Asian financial institution’s subdomain for C2 communications in an attempt to disguise the malicious traffic.

It’s worth pointing out that the modus operandi detailed by Microsoft overlaps with a recent report from the AhnLab Security Emergency Response Center (ASEC), which detailed attacks targeting exposed Linux servers with crypto mining malware and a Tsunami botnet variant dubbed Ziggy.

The operation has been traced back to an actor named asterzeu, who has offered the toolkit for sale on the malware-as-a-service market. “The complexity and scope of this attack are indicative of the efforts attackers make to evade detection,” Sde-Or said.

The development comes as multiple known security flaws in routers, digital video recorders, and other network software are being actively exploited by threat actors to deploy the Mirai botnet malware, according to Akamai and Palo Alto Networks Unit 42.

“The Mirai botnet, discovered back in 2016, is still active today,” Uni 42 researchers said. “A significant part of the reason for its popularity among threat actors lies in the security flaws of IoT devices.”

“These remote code execution vulnerabilities targeting IoT devices exhibit a combination of low complexity and high impact, making them an irresistible target for threat actors.”

Found this article interesting? Follow us on Twitter ? and LinkedIn to read more exclusive content we post.



Related Posts

FEATURED ‘News of the Day’, as reported by public domain newswires.

Find more, like the above, right here on Cryptopolytech.com by following our extensive quiclick links appearing on images or [NEWSer CHEWSer].
View ALL Headlines & Breaking News here.

Source Information (if available)

This article originally appeared on thehackernews.com by The Hacker News – sharing via newswires in the public domain, repeatedly. News articles have become eerily similar to manufacturer descriptions.

We will happily entertain any content removal requests, simply reach out to us. In the interim, please perform due diligence and place any content you deem “privileged” behind a subscription and/or paywall.

CPT (CryptoPolyTech) PPP (Public Press Pass) Coverage features stories and headlines you may not otherwise see due to the manipulation of mass media.

We compile ‘news of the day’ content in an unbiased manner and contextually classify it to promote the growth of knowledge by sharing it just like New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

First to share? If share image does not populate, please close the share box & re-open or reload page to load the image, Thanks!

You might also like