Malware Shellbot is Now Capable of Shutting Down Other Miners

Published at: May 1, 2019

The Shellbot cryptojacking malware has gone through an update and come out with some new capabilities, technology news website TechCrunch reported on May 1.

Per the report, these findings come from Boston-based cybersecurity firm Threat Stack. The company claims that Shellbot, which was first discovered in 2005, has received a major update.

The original Shellbot was capable of brute-forcing the credentials of SSH remote access services on Linux servers protected by weak passwords. The malware then mines privacy-focused monero (XMR). Threat Stack claims that this new-and-improved version is capable of spreading through an infected network and shutting down other miners running on the same machines.

Threat Stack apparently uncovered the new iteration of Shellbot on the Linux server of an unspecified United States company. While it is still unclear how the malware is delivered, the researchers identified three components and found the script used to install it.

The command and control server of the malware is an Internet Relay Chat (IRC) server, which attackers can use to deliver commands and check the status of an infected server. Shellbot was reportedly making about $300 a day, a figure that stands to grow as the malware spreads. Sam Bisbee, chief security officer at Threat Stack, told TechCrunch that the potential of the virus does not end there:

“They are fully capable of using this malware to exfiltrate, ransom, or destroy data.”
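The entry vector and command channel described above (password brute-forcing against SSH, then an outbound IRC connection to the controller) can be correlated on a host. The following is an added detection example, not code from the article or from Threat Stack; the log lines, connection records and IRC port list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd log lines in syslog format (assumed sample data, not from the article).
AUTH_LOG = """\
May  1 10:00:01 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 51000 ssh2
May  1 10:00:02 web1 sshd[2202]: Failed password for root from 203.0.113.5 port 51001 ssh2
May  1 10:00:03 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 51002 ssh2
May  1 10:00:04 web1 sshd[2204]: Failed password for root from 203.0.113.5 port 51003 ssh2
May  1 10:00:05 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 51004 ssh2
May  1 10:00:06 web1 sshd[2206]: Accepted password for root from 203.0.113.5 port 51005 ssh2
May  1 10:05:00 web1 sshd[2300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
"""

# Constructed outbound connections (host, local user, remote ip, remote port), as `ss -tnp` would show.
CONNS = [
    ("web1", "root", "198.51.100.20", 6667),
    ("web1", "deploy", "198.51.100.30", 443),
]

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port")
IRC_PORTS = {6667, 6697}  # assumed: default plaintext and TLS IRC ports


def brute_force_logins(log, threshold=5):
    """Return (user, ip) pairs whose password login succeeded after >= threshold failures."""
    failures = defaultdict(int)
    hits = []
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            failures[(m.group(1), m.group(2))] += 1
            continue
        m = ACCEPTED.search(line)
        if m and failures[(m.group(1), m.group(2))] >= threshold:
            hits.append((m.group(1), m.group(2)))
    return hits


def irc_callbacks(conns):
    """Outbound connections to IRC ports, a likely command-and-control channel."""
    return [c for c in conns if c[3] in IRC_PORTS]


def correlate(log, conns, threshold=5):
    """Accounts that were brute-forced and now hold an outbound IRC connection."""
    suspects = {user for user, _ in brute_force_logins(log, threshold)}
    return [c for c in irc_callbacks(conns) if c[1] in suspects]
```

Each signal alone is noisy (failed logins are constant on any internet-facing SSH host); the correlation is what makes the alert worth a look.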

As Cointelegraph reported last week, cybersecurity company MalwareBytes declared illicit crypto mining against consumers — also known as cryptojacking — “essentially extinct.” Just days later, American software security firm Symantec found a spike in a new crypto mining malware that mainly targets corporate networks.
