Cybercriminals are making around $60.000 per month just from one miner. Learn how to protect your Linux server.
Monero is the new Bitcoin for cybercrime! As we reported in a previous article, cybercriminals are ditching Bitcoin for other cyber coins.
Today our cybersecurity team discovered and investigated a new and ingenious Monero miner. This botnet, named PyCryptoMiner, is very evasive and also very profitable, making around $60.000 just in December 2017.
It is designed to affect online Linux systems, and it uses multiple vulnerabilities and tactics to be as efficient and invisible as possible.
It is ingeniously coded to use Pastebin to receive new command and control (C&C) server assignments when the original C&C isn’t available, and it also exploits the newly discovered vulnerability CVE-2017-12149, which affects JBoss servers.
Many other miners also target Linux-based systems, but this is the only one that takes advantage of Python-based scripting, which makes it more evasive and easy to obfuscate.
The method of attack is modular. First, it attempts to access different Linux-based servers by trying different SSH login credentials (the old brute-force root:password123 style). If this stage is completed, new instructions and files are downloaded from the C&C server.
Then the infected server is interrogated regarding Host/DNS name, OS name and architecture, number of CPUs, and CPU usage.
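A defender's check for the first stage described above, as an added example that is not part of the original article: it scans sshd log lines for a source address whose password login is accepted after repeated failed attempts, the trace a successful credential-guessing run leaves behind. The log sample is constructed, the OpenSSH syslog message format is assumed, and the function name and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Dec 12 03:14:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 12 03:14:03 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 40118 ssh2
Dec 12 03:14:05 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40126 ssh2
Dec 12 03:14:08 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 40131 ssh2
Dec 12 03:14:11 web1 sshd[2219]: Accepted password for root from 203.0.113.7 port 40140 ssh2
Dec 12 08:30:45 web1 sshd[3050]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Dec 12 08:30:52 web1 sshd[3050]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Dec 12 09:02:10 web1 sshd[3101]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2
Dec 12 11:20:00 web1 sshd[3300]: Failed password for root from 203.0.113.99 port 33000 ssh2
Dec 12 11:20:02 web1 sshd[3302]: Failed password for root from 203.0.113.99 port 33004 ssh2
Dec 12 11:20:04 web1 sshd[3304]: Failed password for root from 203.0.113.99 port 33010 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, threshold=3):
    """Return (compromised, still_guessing).

    compromised: (ip, user, failures_before) for each password login accepted
    after at least `threshold` failed passwords from the same address.
    still_guessing: addresses at or over the threshold with no success yet.
    """
    failures = defaultdict(int)
    compromised = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins are not part of password guessing
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        else:
            if failures[ip] >= threshold:
                compromised.append((ip, m["user"], failures[ip]))
            failures[ip] = 0  # a success ends the current run of failures
    still_guessing = sorted(ip for ip, n in failures.items() if n >= threshold)
    return compromised, still_guessing

if __name__ == "__main__":
    print(find_guessed_logins(SAMPLE_LOG))
```

An address in the first list warrants treating the host as compromised and rotating that account's credentials; one in the second list is a candidate for blocking.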
We estimate that this miner has been present in cyberspace since August 2017, making cybercriminals richer every day by using poorly protected systems and devices.
We also discovered that the same cybercriminals have been present in cyberspace since 2012, owning more than 35000 domains, 200 emails, and several adult services, which means their web of cybercrime grows larger every day with the help of users who are uneducated about cybersecurity.
To protect your device and your data, our top cybersecurity analyst says it is imperative to have a top antivirus on every device that you own, practice good security habits, never access or download suspicious content from the internet, and always back up your data.
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus has limited features.