Linux-Focused Cryptojacking Gang Tracked to Romania

silversurfer

A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords.

The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report published on Wednesday, though the gang’s kit could let them attempt other types of attacks. Researchers said that they’ve connected the group to at least two distributed-denial-of-service (DDoS) botnets: a variant of the Linux-based DDoS DemonBot botnet called “chernobyl” and a Perl IRC bot.

Why cryptojacking? Because it’s a sweet short-cut to get to the loot. “As you all know, mining for cryptocurrency is slow and tedious, but it can go faster when using multiple systems,” according to the report. “Owning multiple systems for mining is not cheap, so attackers try the next best thing: To remotely compromise devices and use them for mining instead.”
 
