Outlaw hackers return with cryptocurrency mining botnet

silversurfer

The Outlaw hacking group has reemerged and is once again on the radar of cybersecurity researchers following the detection of a botnet attacking systems to mine for cryptocurrency. The botnet spreads a miner for Monero (XMR), Trend Micro said in a blog post on Thursday.

After a honeypot operated by the cybersecurity firm detected a URL spreading the botnet, the team found that the miner was bundled with a Perl-based backdoor component and an SSH backdoor, both of which are elements associated with previous Outlaw attacks.

The latest campaign has focused on China, and considering that the researchers believe Outlaw is still in the testing stage -- due to clues in shell script components and unexecuted, dormant malicious files -- victims may be acting as test subjects for further development of the malware and botnet at large.

To begin the infection chain, Outlaw attempts to brute-force systems via SSH. A shell script is then deployed which downloads and executes the miner payload, as well as extracting a TAR file which contains additional malicious scripts and a backdoor.

The TAR folder contains binaries related to the cryptocurrency miner used by the original payload, shell scripts for the execution of the payload, and scripts to control the backdoor.

In addition, there are scripts which are able to detect rival miners already installed on a target system and, if necessary, delete them to eradicate competing forces when CPU power is stolen during mining operations.
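The infection chain above starts with SSH brute-forcing, so a defender's first visibility is the sshd authentication log. The following Python script is an added example, not code from the post or from Trend Micro's report: it counts failed password attempts per source address and flags a successful password login that follows a run of failures from the same source, which is the footprint a brute-force that succeeded leaves behind. The log lines and IP addresses are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd log lines (syslog format); the addresses are documentation ranges,
# not indicators from the article.
SAMPLE_AUTH_LOG = """\
Oct 10 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Oct 10 10:01:03 host sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Oct 10 10:01:04 host sshd[2103]: Failed password for root from 203.0.113.7 port 51124 ssh2
Oct 10 10:01:05 host sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51125 ssh2
Oct 10 10:01:06 host sshd[2105]: Failed password for root from 203.0.113.7 port 51126 ssh2
Oct 10 10:01:09 host sshd[2106]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Oct 10 10:05:00 host sshd[2200]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Oct 10 10:05:30 host sshd[2201]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

# "invalid user" appears when the username does not exist on the host; both forms count as a failure.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def analyse_sshd_log(log_text, threshold=5):
    """Return (flagged, compromised).

    flagged:     {source_ip: failed_count} for sources with at least `threshold` failures.
    compromised: [(source_ip, user)] for password logins accepted from a source that had already
                 reached the threshold, i.e. a brute-force that got in.
    """
    failures = Counter()
    usernames = defaultdict(set)   # which accounts each source tried; useful for the incident report
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            usernames[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            # Record how many failures this source had accumulated *before* the success.
            accepted.append((ip, user, method, failures[ip]))
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    compromised = [(ip, user) for ip, user, method, prior in accepted
                   if method == "password" and prior >= threshold]
    return flagged, compromised


if __name__ == "__main__":
    print(analyse_sshd_log(SAMPLE_AUTH_LOG))
```

Key-based logins are deliberately never reported as compromised, since a publickey acceptance after failed password attempts is the normal pattern of a user who fell back to the wrong credential first.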

Andy Ful

The SSH protocol is usually related to servers. Home users can use it only after installing an SSH client, for example PuTTY. The brute forcing is performed on the open port which is used by the SSH service. It can be dangerous for enterprises and organizations. Normally, home users should not be afraid of such attacks as a primary infection vector. (y)
Of course, when the system is compromised, the malware can download and install PuTTY (or another legitimate client) to use the SSH protocol.