New Linux-Targeting Crypto-Mining Malware Combines Hiding and Upgrading Capabilities

Published at: Nov. 13, 2018

Japanese multinational cybersecurity firm Trend Micro has detected a new strain of crypto-mining malware that targets PCs running Linux, according to a report published Nov. 8.

The new strain reportedly uses a rootkit component to hide the unauthorized cryptocurrency-mining process that runs on users' CPUs. The malware itself, detected by Trend Micro as Coinminer.Linux.KORKERDS.AB, is also reportedly capable of updating itself.

According to the report, the combination of hiding and self-upgrading capabilities gives the malware a great advantage. While the rootkit fails to hide the increased CPU usage and the presence of a running crypto-mining malware, it is also improved by updates, which can completely repurpose the existing code or tools by editing a few “lines of code,” the report notes.
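Because the rootkit does not hide the increased CPU usage, a defender can compare system-wide CPU counters with what the visible process list accounts for. The following is an added example, not code from Trend Micro or the original article; the function names and sample values are constructed, and the 90 percent gap in the sample is illustrative only.

```python
import os

def busy_ticks(proc_stat_text):
    """user+nice+system ticks from the aggregate 'cpu' line of /proc/stat."""
    for line in proc_stat_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "cpu":
            return sum(int(v) for v in fields[1:4])
    raise ValueError("no aggregate cpu line")

def proc_ticks(pid_stat_line):
    """utime+stime (fields 14, 15) of a /proc/<pid>/stat line.
    comm may contain spaces or ')', so parse after the last ')'."""
    rest = pid_stat_line[pid_stat_line.rindex(")") + 1:].split()
    return int(rest[11]) + int(rest[12])

def unaccounted_share(stat_a, stat_b, procs_a, procs_b):
    """Fraction of CPU ticks between two snapshots that no listed PID explains.
    Heuristic: processes that exited between snapshots also show up here."""
    total = busy_ticks(stat_b) - busy_ticks(stat_a)
    if total <= 0:
        return 0.0
    visible = 0
    for pid, line in procs_b.items():
        before = proc_ticks(procs_a[pid]) if pid in procs_a else 0
        visible += max(0, proc_ticks(line) - before)
    return max(0, total - visible) / total

def snapshot():
    """Live snapshot: (/proc/stat text, {pid: stat line}) as the listing shows it."""
    procs = {}
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/stat") as fh:
                procs[name] = fh.read()
        except OSError:
            pass  # process exited while we were reading
    with open("/proc/stat") as fh:
        return fh.read(), procs

# Constructed sample data (not taken from the report).
def sample_line(pid, comm, utime, stime):
    return f"{pid} ({comm}) S 1 1 1 0 -1 0 0 0 0 0 {utime} {stime} 0 0 20 0 1 0 0"

STAT_A = "cpu  1000 0 500 8000 0 0 0 0 0 0"
STAT_B = "cpu  1900 0 600 8100 0 0 0 0 0 0"
PROCS_A = {"1": sample_line(1, "systemd", 50, 30), "200": sample_line(200, "Web Content", 300, 100)}
PROCS_B = {"1": sample_line(1, "systemd", 55, 35), "200": sample_line(200, "Web Content", 360, 130)}
if __name__ == "__main__":
    print(f"unaccounted: {unaccounted_share(STAT_A, STAT_B, PROCS_A, PROCS_B):.0%}")
```

On a live host, call `snapshot()` twice a few seconds apart and pass both results to `unaccounted_share`; a persistently high share on a machine without heavy short-lived process churn is worth investigating.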

The new crypto-mining malware strain infects Linux PCs via third-party or compromised plugins. Once installed, the plugin reportedly gets admin rights, allowing the malware to run with the privileges granted to an application. In this regard, Trend Micro mentioned another case of Linux-targeting crypto malware that used the same entry point, which took place in September this year.

Based on web server statistics, the estimated market share of Linux on personal computers amounted to around 1.8 percent in 2016. The share of Microsoft Windows systems in 2016 was around 89.7 percent, while Mac OS served around 8.5 percent of users.

Recently, Cointelegraph reported that a group of South Korean hackers will face trial for a cryptojacking case that allegedly infected more than 6,000 computers with malicious crypto-mining malware.

In September, a report revealed that leaked code targeting Microsoft systems, which hackers allegedly stole from the U.S. National Security Agency (NSA), sparked a fivefold increase in cryptocurrency mining malware infections.
