New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner

silversurfer

A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems.

"It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC) said in a report published today.
In an attack chain detailed by the South Korean cybersecurity firm, a successful compromise of the SSH server leads to the deployment of an shc downloader malware along with a Perl-based DDoS IRC Bot. The shc downloader subsequently proceeds to fetch the XMRig miner software to mine cryptocurrency, with the IRC bot capable of establishing connections with a remote server to fetch commands for mounting distributed denial-of-service (DDoS) attacks.

"This bot supports not only DDoS attacks such as TCP flood, UDP flood, and HTTP flood, but various other features including command execution, reverse shell, port scanning, and log deletion," ASEC researchers said.
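
Added example, not part of the original post or the ASEC report: a small detector for the entry point described above, a password login that succeeds right after a run of failed SSH password attempts from the same address. The log lines are constructed samples in OpenSSH's message format, and the function name and the threshold of 5 failures are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines; all addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan  4 03:11:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan  4 03:11:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Jan  4 03:11:05 web1 sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
Jan  4 03:11:07 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan  4 03:11:09 web1 sshd[2109]: Failed password for root from 203.0.113.7 port 40140 ssh2
Jan  4 03:11:11 web1 sshd[2111]: Failed password for root from 203.0.113.7 port 40152 ssh2
Jan  4 03:11:13 web1 sshd[2113]: Accepted password for root from 203.0.113.7 port 40160 ssh2
Jan  4 08:30:00 web1 sshd[3001]: Accepted publickey for deploy from 192.0.2.44 port 50022 ssh2
Jan  4 09:02:10 web1 sshd[3050]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan  4 09:02:18 web1 sshd[3052]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
"""

# Matches password-authentication results only; public-key logins are ignored.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=5):
    """Return (ip, user, failures) for each accepted password login preceded by
    at least min_failures failed attempts from the same source address."""
    failures = defaultdict(int)  # failed attempts per source since its last success
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= min_failures:
            hits.append((ip, m["user"], failures[ip]))
        failures[ip] = 0  # a success starts a fresh count for this source
    return hits

if __name__ == "__main__":
    for ip, user, count in find_guessed_logins(SAMPLE_LOG):
        print(f"{ip}: password login as {user} after {count} failed attempts")
```

A hit from this check is a prompt to inspect the account and host for what the report describes next: newly dropped binaries, a miner process, or outbound IRC connections.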
 
