Omri Ben Bassat, an independent security researcher, is one of the first to observe a campaign dubbed “EternalMiner”. He tweeted about the campaign, which is said to exploit the ‘SambaCry’ flaw that allowed attackers to gain remote access to vulnerable Linux- and Unix-based systems, meaning systems that have not yet been patched with the latest updates. According to Bassat's findings, threat actors are targeting Linux-based systems to infect them with malware that in turn helps install a program called CPUminer.
What is a CPUminer?
A CPUminer is a program that mines crypto-currency. Crypto-currency mining is a process that relates to the bookkeeping services of the coin network, helping to keep track of transactions involving crypto-currencies. In short, the malware lets attackers use other people's systems to make digital money.
The attackers reportedly upload two kinds of payloads to infected Linux machines, turning each system into a crypto-currency mining zombie. These payloads perform the malicious actions needed to start the mining process. The first payload is INAebsGB.so, a simple reverse shell that allows a remote attacker to access the target system. The second is cblRWuoCc.so, a backdoor that includes crypto-currency mining utilities, also known as the CPUminer.
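A defender-side check for the two payload files named above, as an added example that is not from the original article or the researcher: it walks a share directory, flags the reported file names, and also flags any other ELF shared object found there. The function names, the idea of scanning a share path, and the temporary sample tree are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Payload file names reported on this page.
REPORTED_PAYLOADS = {"INAebsGB.so", "cblRWuoCc.so"}
ET_DYN = 3  # ELF e_type for shared objects (also used by PIE executables)


def is_elf_shared_object(path):
    """True if the file starts with an ELF header whose e_type is ET_DYN."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(18)
    except OSError:
        return False  # unreadable or missing file: nothing to classify
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return False
    endian = "<" if header[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack(endian + "H", header[16:18])
    return e_type == ET_DYN


def scan_share(root):
    """Return sorted (relative path, reason) findings under a share directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name in REPORTED_PAYLOADS:
                findings.append((rel, "reported payload name"))
            elif is_elf_shared_object(full):  # catches renamed libraries too
                findings.append((rel, "ELF shared object in share"))
    return sorted(findings)


def demo():
    """Build a constructed share tree in a temp dir and scan it."""
    elf_stub = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<H", ET_DYN)
    with tempfile.TemporaryDirectory() as share:
        os.mkdir(os.path.join(share, "docs"))
        samples = {"INAebsGB.so": elf_stub, "docs/report.txt": b"plain text",
                   "docs/renamed.dat": elf_stub}  # constructed sample files
        for rel, data in samples.items():
            with open(os.path.join(share, rel), "wb") as fh:
                fh.write(data)
        return scan_share(share)
```

Call `scan_share` on each directory exported as a writable share; a hit on the header check alone is a lead to investigate rather than proof of this campaign.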
Now the question arises: why are these threat actors using systems belonging to others to mine crypto-currencies? The answer is pretty simple. Mining crypto-currencies is a heavy workload that requires greater investment in hardware and power. Attackers are therefore constantly on the lookout for Linux-based systems and servers that are vulnerable to the SambaCry exploit and could be used as crypto-currency mining zombies. This explains why malware related to crypto-currency is on the rise, as well as the monetary benefits involved in performing such actions.