Why These Cryptominer Attacks Will Get Even More Dangerous


A wave of cryptominer attacks targeting Linux systems has just added a Trojan horse to its capabilities, which should make it even more dangerous. Cybersecurity researchers at Trend Micro detailed this observation in an article published a few days ago.

The researchers explain that in November they discovered a new wave of attacks by a cryptominer (malware with which hackers divert the computing power of their targets to mine Monero) that integrates the Chaos Trojan, an open source tool that allows attackers to control operating systems remotely.

Extension of the range of malicious actions

The Trojan is downloaded together with the cryptominer and a shell script used to remove any other cryptomining malware that may have been installed on the system. Chaos can download, send and delete files, take screenshots, access the file explorer or even open URLs.

The Trojan also appears to be used to connect to a command and control server allowing the delivery of additional malicious payloads. It is therefore possible that malicious hackers will also use Chaos to carry out, beyond cryptomining alone, more damaging cyberattacks, such as the theft of identifiers and logins, or bank data.

“On the surface, this integration of a Trojan with cryptomining malware may seem relatively minor,” write David Fiser and Alfredo Oliveira, researchers at Trend Micro. “But given the range of functions of this tool, it is important to remain very vigilant.”

Regular streams of income

Compromising a single system with cryptomining software is unlikely to generate much profit. But if the attackers infect a large number of systems and servers, the result is more significant, as is the energy bill unwittingly paid by the victim. This allows cybercriminals to generate a steady stream of fraudulent revenue, which is why this technique has become so popular.

Cryptomining attacks typically spread by exploiting known vulnerabilities or by hiding in pirated software available for download. These attacks often go unnoticed because, unless the machine is pushed too far, the user is unlikely to notice the drop in performance of their system.

To protect against cryptomining software, it is recommended to follow basic rules of digital hygiene, such as patching and updating software. It is also advisable to deploy tools to limit and filter network traffic to and from malicious hosts, such as firewalls and intrusion detection systems.

Source: ZDNet.com




