Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.
After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.
"The patches install hooks that intercept the passwords and keys of the device's SSH connections, whether as a client or a server," Microsoft
said.
"Moreover, the patches enable root login over SSH and conceal the intruder's presence by suppressing the logging of the threat actors' SSH sessions, which are distinguished by a special password."
