Outlaw hackers return with cryptocurrency mining botnet

silversurfer

Thread author
The Outlaw hacking group has reemerged and is once again on the radar of cybersecurity researchers following the detection of a botnet attacking systems to mine for cryptocurrency. The botnet spreads a miner for Monero (XMR), Trend Micro said in a blog post on Thursday.

After a honeypot operated by the cybersecurity firm detected a URL spreading the botnet, the team found that the miner was bundled with a Perl-based backdoor component and an SSH backdoor, both of which are elements associated with previous Outlaw attacks.

The latest campaign has focused on China, and considering that the researchers believe Outlaw is still in the testing stage -- due to clues in shell script components and unexecuted, dormant malicious files -- victims may be acting as test subjects for further development of the malware and botnet at large.

To begin the infection chain, Outlaw attempts to brute-force systems via SSH. A shell script is then deployed which downloads and executes the miner payload, as well as extracting a TAR file which contains additional malicious scripts and a backdoor.

The TAR folder contains binaries related to the cryptocurrency miner used by the original payload, shell scripts for the execution of the payload, and scripts to control the backdoor.

In addition, there are scripts which are able to detect rival miners already installed on a target system and, if necessary, delete them to eradicate competing forces when CPU power is stolen during mining operations.
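One defensive check that follows from the infection chain described above (an added example, not part of the article or of Trend Micro's research): scan sshd authentication logs for a source address that logs in successfully after a burst of failed attempts, which is the trace an SSH brute-force entry leaves behind. The log lines are constructed for the example, and the failure threshold and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd entries in auth.log syntax (not taken from the article).
SAMPLE_AUTH_LOG = """\
Jun 13 10:01:02 host sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jun 13 10:01:04 host sshd[2203]: Failed password for root from 203.0.113.7 port 50130 ssh2
Jun 13 10:01:06 host sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 50141 ssh2
Jun 13 10:01:09 host sshd[2207]: Failed password for root from 203.0.113.7 port 50150 ssh2
Jun 13 10:01:12 host sshd[2209]: Failed password for root from 203.0.113.7 port 50163 ssh2
Jun 13 10:01:15 host sshd[2211]: Accepted password for root from 203.0.113.7 port 50170 ssh2
Jun 13 10:05:30 host sshd[2300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Jun 13 10:05:40 host sshd[2302]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

# Matches both "Failed password for [invalid user] X" and "Accepted publickey for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_sshd_lines(text, year=2019):
    """Return (timestamp, source_ip, result, user) tuples; syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd or syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["result"], m["user"]))
    return events

def find_bruteforce_logins(text, threshold=5, window_seconds=600):
    """Map source IP -> (recent failures, account) for every login preceded by a burst of failures."""
    failures = defaultdict(list)  # source IP -> timestamps of failed attempts
    hits = {}
    for ts, ip, result, user in parse_sshd_lines(text):
        if result == "Failed":
            failures[ip].append(ts)
            continue
        # A success: count this source's failures inside the window before it.
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
        if len(recent) >= threshold:
            hits[ip] = (len(recent), user)
    return hits
```

A single failed attempt followed by a key-based login (the second source in the sample) is normal user behaviour and is not flagged; only the password burst followed by a success is.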
 
The SSH protocol is usually related to servers. Home users can use it only after installing an SSH client, for example PuTTY. The brute forcing is performed on the open port used by the SSH service. It can be dangerous for enterprises and organizations. Normally, home users should not be afraid of such attacks as a primary infection vector. (y)
Of course, once the system is compromised, the malware can download and install PuTTY (or another legitimate client) to use the SSH protocol.