
New Linux Malware Installs Bitcoin Mining Software on Infected Device

August 12th, 2016 | Uzair Amir | Security, Malware
Beware of Linux.Lady malware: it converts Linux-based PCs into crypto-currency miners

Security firms have been on high alert since the beginning of 2016 because of the steady stream of scam campaigns and malware appearing on the Internet. This report covers another such piece of malware, one designed to exploit unprotected Redis servers.

According to the Russia-based antivirus software retailer Dr. Web, the malware, which has been named Linux.Lady, is written in Google’s Go programming language and specifically targets Redis servers that system admins have placed online without any password.

Dr. Web states that:

“This malware possesses the ability to collect information about an infected computer and transfer it to the C&C server, download and launch a crypto-currency mining utility, and attack other computers on the network to install its own copy on them.”

The main purpose of this malware is to convert computers that use Linux into crypto-currency generators. It performs three key functions:

* It gains information about an infected computer and sends it to the C&C server (command and control)

* It downloads and launches a crypto-currency mining program after receiving a configuration file from the C&C server

* It searches for other computers on the network to install another copy of the cryptocurrency miner program, and looks for Monero, a type of cryptocurrency

The configuration file is integral to the functioning of this malware, because without it the malware cannot launch the crypto-currency mining program. Once this is done, the malware also identifies the external IP address of the infected machine through the configuration file, which lists special websites that report IP addresses.

After these three tasks are performed, the Linux.Downloader.196 script is downloaded to the machine to fetch the key payload, and Linux.Lady then sends the system’s data to the C&C server.

In particular, this malware affects misconfigured Redis database servers that haven’t been secured with a password. Reportedly, roughly 30,000 such servers are operating online at the moment.
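For administrators who want to check their own servers for the misconfiguration described above, the following added example (not part of the original article or of Dr. Web's report) audits the text of a `redis.conf` for a missing password, a non-loopback listener and disabled protected mode. The two sample configurations are constructed, the finding names are hypothetical labels, and the check assumes Redis 3.2 or later, where `protected-mode` defaults to `yes`.

```python
# Added example: static audit of redis.conf text for a password-less, network-exposed server.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_redis_conf(text):
    """Return {directive: [args]}, keeping the last occurrence of each directive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out directives do not apply
            continue
        parts = line.split()
        conf[parts[0].lower()] = [p.strip("\"'") for p in parts[1:]]
    return conf

def audit(text):
    """Return a list of findings (hypothetical labels) for one redis.conf."""
    conf = parse_redis_conf(text)
    findings = []
    password = conf.get("requirepass") or [""]
    if not password[0]:
        findings.append("no-password")          # requirepass absent or empty
    # A leading '-' (optional address, Redis 6.2+) is ignored for the comparison.
    binds = [b.lstrip("-") for b in conf.get("bind", [])]
    if not binds or any(b not in LOOPBACK for b in binds):
        findings.append("non-loopback-bind")    # no bind line means all interfaces
    protected = conf.get("protected-mode") or ["yes"]  # assumed default: yes (3.2+)
    if protected[0].lower() == "no":
        findings.append("protected-mode-off")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK_CONF = """\
port 6379
bind 0.0.0.0
protected-mode no
# requirepass example-only
"""
HARDENED_CONF = """\
port 6379
bind 127.0.0.1 -::1
protected-mode yes
requirepass "PLACEHOLDER-long-random-secret"
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "no findings")
```

A server that reports `no-password` together with `non-loopback-bind` matches the exposure the article describes and should be given a password and restricted to the interfaces that need it.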

Andra Zaharia, the security researcher from Heimdal Security Financial, told HackRead that malware comes in many shapes and sizes, but its objective is always the same: to make as much money as possible for the attacker.

“Creating a Trojan to mine for cryptocurrency is a bold task, especially since it will heavily use the resources of the system it affects, so stealthiness may have to be compromised,” she said.

“Given the attack vectors used in this context, the importance of traffic filtering becomes evident once again. Blocking communication to C&C servers can greatly reduce the chances that an infection successfully takes over the system. Since the Trojan’s architecture is all publicly posted on GitHub, cyber security researchers will most likely find a way to combat this threat before it spreads any further,” added Zaharia.

The Trojan’s architecture consists of various libraries published on GitHub, a popular collaborative application development service / Source: Dr.Web


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
