Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version


Mar 13, 2022
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.

After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.

"The patches install hooks that intercept the passwords and keys of the device's SSH connections, whether as a client or a server," Microsoft said.

"Moreover, the patches enable root login over SSH and conceal the intruder's presence by suppressing the logging of the threat actors' SSH sessions, which are distinguished by a special password."
Reactions: vtqhtr413
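
A defensive check for the replaced OpenSSH binaries described above, as an added example that is not part of the original post or Microsoft's report: it filters package-verification output (the format printed by `rpm -V` and `dpkg --verify`) for OpenSSH executables whose digest no longer matches the package database. It assumes the trojanized files overwrote packaged executables without updating that database; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article.
# Live use (one of, depending on the distribution):
#   rpm -V openssh-server openssh-clients | flag_modified_ssh
#   dpkg --verify openssh-server openssh-client | flag_modified_ssh

# Reads verification lines on stdin: "<flags> [attr] <path>".
# Character 3 of the flags field is "5" when the file digest differs;
# the flags field is the word "missing" when the file is gone.
flag_modified_ssh() {
  awk '
    {
      flags = $1; path = $NF
      attr = (NF >= 3) ? $2 : ""     # "c" marks a configuration file
      if (attr == "c") next          # locally edited configs are expected
      n = split(path, parts, "/"); base = parts[n]
      if (base !~ /^(ssh|sshd|scp|sftp|sftp-server|ssh-add|ssh-agent|ssh-keygen|ssh-keyscan|ssh-keysign)$/) next
      if (flags == "missing")              print "MISSING " path
      else if (substr(flags, 3, 1) == "5") print "MODIFIED " path
    }'
}

# Constructed sample input mixing rpm-style and dpkg-style lines.
sample_verify_output() {
  cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/sbin/sshd
??5??????   /usr/bin/ssh
.......T.    /usr/bin/scp
missing     /usr/bin/ssh-keygen
S.5....T.    /usr/bin/curl
EOF
}
```

Any line this prints warrants comparing the file against a copy from a trusted package source, since an intruder with root access can also alter the local package database.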
