New Cryptocurrency Mining Attack Targets Linux Systems and IoT Devices
A new campaign is targeting internet-facing Linux systems and Internet of Things devices. The intention is to steal device resources for mining cryptocurrency. Microsoft researcher Rotem Sde-Or has described the attackers as using a backdoor with a range of tools and components.
At risk are any IoT devices that still use default credentials or have an exploitable vulnerability. The attack lets the threat actors deploy a backdoor, concealed by a rootkit, that allows remote control of the target device. According to Sde-Or, the backdoor has two main modules. “The first module is responsible for communicating with the C&C server, while the second module has backdoor functionality. This means that the threat actor uses this module to remotely control the victim’s machine,” he explained.
The second module has three main functionalities, namely:
– Collect system information
– Download additional malicious payloads
– Mine for cryptocurrency using CPU and GPU resources
The mining module is hidden from view using cpulimit to suppress CPU usage and make it more difficult to detect. The code also kills other cryptocurrency miners on the target device to ensure it has access to the maximum possible CPU and GPU resources.
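The cpulimit detail gives defenders a triage check: list every cpulimit process and the command it is throttling. The following is an added example, not code from the original article or from Microsoft's research; the process snapshot, paths and names are constructed samples. Because cpulimit is a legitimate tool, a hit is a lead to review rather than a verdict.

```python
# Constructed process snapshot in "PID PPID ARGS" form, as `ps -eo pid,ppid,args`
# prints it. Names and paths are invented samples, not indicators from the campaign.
SAMPLE_PS = """\
 2301     1 /tmp/.cache/worker --threads 4
 2302     1 cpulimit -l 30 -p 2301
 2410     1 cpulimit --limit=40 -e backup-job
 2500     1 cpulimit -l 25 -- /var/tmp/task -q
"""
# cpulimit options that take a value, mapped to what the value means.
VALUE_OPTS = {"-l": "limit", "--limit": "limit", "-p": "pid", "--pid": "pid",
              "-e": "exe", "--exe": "exe", "-P": "path", "--path": "path"}

def parse_ps(text):
    """Return {pid: argv} from 'PID PPID ARGS' lines; other lines are skipped."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            procs[int(parts[0])] = parts[2].split()
    return procs

def cpulimit_targets(procs):
    """List (cpulimit_pid, limit, target); handles '-x VAL' and '--long=VAL'."""
    findings = []
    for pid, argv in sorted(procs.items()):
        if argv[0].rsplit("/", 1)[-1] != "cpulimit":
            continue
        limit, target, i = None, None, 1
        while i < len(argv):
            opt, _, val = argv[i].partition("=")
            kind = VALUE_OPTS.get(opt)
            if kind and not val and i + 1 < len(argv):
                i += 1
                val = argv[i]
            if kind == "limit":
                limit = val
            elif kind == "pid" and val.isdigit():
                # Resolve the throttled PID back to its command line.
                target = " ".join(procs.get(int(val), ["pid", val]))
            elif kind:
                target = val
            elif argv[i] == "--" or not argv[i].startswith("-"):
                # The rest of the line is the command cpulimit launches itself.
                target = " ".join(argv[i + 1:] if argv[i] == "--" else argv[i:])
                break
            i += 1
        findings.append((pid, limit, target))
    return findings

if __name__ == "__main__":
    print(*cpulimit_targets(parse_ps(SAMPLE_PS)), sep="\n")
```

Targets that resolve to binaries in temporary or hidden directories, or to a PID that no longer appears in the snapshot, deserve the first look.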
This latest campaign highlights the importance of securing IoT devices by:
– Changing all default credentials to unique, complex passwords
– Keeping firmware updated
– Ensuring all necessary security patches are applied
By following these steps, the risk of an IoT device being targeted can be reduced.
Original Article: https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html