• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new shc based linux malware targeting systems with cryptocurrency miner

New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner

You are here: Home / General Cyber Security News / New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
January 4, 2023

A new Linux malware made employing the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised devices.

“It is presumed that after successful authentication by means of a dictionary attack on inadequately managed Linux SSH servers, numerous malware were put in on the goal technique,” AhnLab Security Unexpected emergency Response Center (ASEC) explained in a report published right now.

Linux malware

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


shc lets shell scripts to be converted directly into binaries, featuring protections in opposition to unauthorized resource code modifications. It is really analogous to the BAT2EXE utility in Windows that is used to convert any batch file to an executable.

In an attack chain specific by the South Korean cybersecurity organization, a successful compromise of the SSH server prospects to the deployment of an shc downloader malware alongside with a Perl-centered DDoS IRC Bot.

The shc downloader subsequently proceeds to fetch the XMRig miner software to mine cryptocurrency, with the IRC bot able of developing connections with a remote server to fetch commands for mounting distributed denial-of-assistance (DDoS) attacks.

Linux malware

“This bot supports not only DDoS attacks these as TCP flood, UDP flood, and HTTP flood, but numerous other functions like command execution, reverse shell, port scanning, and log deletion,” ASEC researchers reported.

The actuality that all the shc downloader artifacts had been uploaded to VirusTotal from South Korea indicates that the campaign is mainly centered on inadequately secured Linux SSH servers in the region.

It’s recommended that users adhere to password hygiene and rotate passwords on a periodic basis to avoid brute-force makes an attempt and dictionary attacks. It truly is also advised to continue to keep the operating devices up-to-day.

Identified this posting interesting? Stick to us on Twitter  and LinkedIn to read extra exclusive information we publish.


Some pieces of this posting are sourced from:
thehackernews.com

Previous Post: «synology releases patch for critical rce vulnerability affecting vpn plus Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Next Post: NHS is Most Scammed UK Government “Brand” Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.