
Windows and Linux devices are attacked by a new cryptomining worm

According to security researchers, a recently discovered cryptomining worm appears to be targeting a growing number of Windows and Linux devices.


The research company Juniper began monitoring what it calls the Sysrv botnet in December. One component of the botnet's malware is a worm, which spreads from one vulnerable device to the next without requiring any action from users. It does this by scanning the Internet for vulnerable devices and, when it finds them, infecting them using a list of exploits that has grown over time.

The malware also includes a cryptominer that uses infected Windows and Linux devices to mine the Monero digital currency. Each component shipped as a separate binary.


By March, Sysrv's developers had redesigned the malware to combine the worm and the cryptominer into a single binary. They also gave the malware's loader script the ability to add SSH keys, most likely so that the infection survives reboots and the operators gain more capabilities on the host. The worm exploits six vulnerabilities in software used in enterprises, including Mongo Express, XXL-Job, XML-RPC, Saltstack, ThinkPHP and Drupal Ajax.


«Based on the binaries we have seen and the times at which we have seen them, we have found that the malicious actors are constantly updating their exploit arsenal,» said Juniper researcher Paul Kimayong on Thursday.


The Juniper Research team found that the malware uses the following vulnerabilities:

  • Mongo Express RCE (CVE-2019-10758)
  • XXL-JOB unauthenticated RCE
  • XML-RPC RCE (CVE-2017-11610)
  • Saltstack RCE (CVE-2020-16846)
  • ThinkPHP RCE
  • Drupal Ajax RCE (CVE-2018-7600)

The threat posed by this botnet is not limited to the strain on computing resources and the electricity it burns. Malware that is able to run a cryptominer can almost certainly also install ransomware and other malware on Windows and Linux devices. The post published by the security company on Thursday lists dozens of indicators of compromise that administrators can use to check whether their devices are infected.
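Since the loader is described above as adding SSH keys for persistence, one check an administrator can run alongside the published indicators is an audit of every authorized_keys file on a host against an allowlist of known-good keys. The script below is an added example written for this page, not code from Juniper's report or from the malware; the directory layout, the placeholder key blobs and the allowlist format (one "keytype base64-blob" per line) are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Juniper's code or Sysrv's): audit every authorized_keys
# file under a filesystem root and report any public key whose key material is
# not on an allowlist of known-good keys. A key dropped by a loader for
# persistence shows up as an UNEXPECTED line.

# Print "keytype blob" for every key line in one authorized_keys file,
# skipping blank lines, comments and any leading option string such as
# command="..." or no-pty (options may contain spaces, so we look for the
# first field that is a key type rather than assuming a fixed column).
extract_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) {
                    print $i " " $(i+1); break
                }
            }
        }' "$1"
}

# audit_authorized_keys ROOT ALLOWLIST
# Walks ROOT for authorized_keys/authorized_keys2 files and prints one line
# per key whose "keytype blob" is not an exact line in ALLOWLIST.
# Run as: audit_authorized_keys / /etc/ssh/known_good_keys
audit_authorized_keys() {
    find "$1" -type f \( -name authorized_keys -o -name authorized_keys2 \) 2>/dev/null |
    while read -r f; do
        extract_keys "$f" | while read -r ktype blob; do
            grep -qxF -- "$ktype $blob" "$2" ||
                printf 'UNEXPECTED %s: %s %s...\n' "$f" "$ktype" "$(printf %s "$blob" | cut -c1-16)"
        done
    done
}

# Build a constructed, throwaway home-directory tree so the audit can run
# offline; the blobs are short placeholders, not real public keys.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/root/.ssh" "$demo/home/deploy/.ssh"
    printf '%s\n' \
        '# admin workstation' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownGoodAdminKey0000 admin@ws' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDroppedByLoaderKey000 root@localhost' \
        > "$demo/root/.ssh/authorized_keys"
    printf '%s\n' \
        'command="/usr/bin/rsync --server",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownGoodBackupKey000 backup' \
        'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIUnknownKey0 x' \
        > "$demo/home/deploy/.ssh/authorized_keys"
    printf '%s\n' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownGoodAdminKey0000' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownGoodBackupKey000' \
        > "$demo/allowlist"
    echo "$demo"
}

# Run the audit over the constructed tree, print the findings to stderr and
# echo the number of unexpected keys (2 here: root's ssh-rsa key and the
# deploy user's ecdsa key).
demo_unexpected_count() {
    demo=$(make_demo_tree)
    audit_authorized_keys "$demo" "$demo/allowlist" > "$demo/report"
    cat "$demo/report" >&2
    wc -l < "$demo/report" | tr -d ' '
    rm -rf "$demo"
}

case "${1:-}" in
    --demo) demo_unexpected_count ;;
esac
```

The comparison is on the key material only, so a renamed comment or an added option string does not let a key slip past the allowlist; conversely, keys a legitimate tool installs will be reported until they are added to the allowlist, which is the intended behaviour for a persistence check.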
