
Linux: new malware exploits your PC to mine cryptocurrency (Monero)


After Bitcoin's rise in 2017, worldwide interest in cryptocurrencies has increased over the past few months. This has prompted cybercriminals to develop malicious software that uses unsuspecting users' computers to mine cryptocurrency. Although malware and viruses on GNU/Linux distributions are few and uncommon, Dr.Web recently discovered a malicious program named Linux.BtcMine.174.

Linux.BtcMine.174 is a powerful and complex virus consisting of a script with more than 1000 lines of code. When executed, the script replicates itself, then downloads and installs other parts of the code.


To gain root permissions, the malware uses two exploits, CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094. Once active, the virus starts mining immediately, forces antivirus software to close, and shuts down any processes that could hinder it. The mined cryptocurrency is Monero (XMR).

In addition, the malware opens a backdoor for cybercriminals because it can download the Bill.Gates trojan and a rootkit file. The rootkit can perform very advanced tasks such as hiding files and activating some operations. The malware also registers itself as an autorun entry in /etc/rc.local, /etc/rc.d/…, /etc/cron.hourly. Linux.BtcMine.174 spreads mainly by monitoring active connections on the affected computer and then replicating itself whenever possible.

So that sysadmins can check whether the systems they manage are affected, Dr.Web has uploaded many SHA1 hashes to GitHub. For more details about Linux.BtcMine.174 please click here.
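One way to run that check, as an added example (not Dr.Web's code and not part of the original post): hash every file under the autorun locations named above and compare the results against a locally saved copy of the published SHA1 list. The list format (any text containing 40-hex-digit hashes) and all function names are assumptions.

```python
import hashlib
import os
import re
import sys

# Autorun locations named in the article (directories are walked recursively).
AUTORUN_PATHS = ["/etc/rc.local", "/etc/rc.d", "/etc/cron.hourly"]
SHA1_RE = re.compile(r"\b[0-9a-fA-F]{40}\b")

def load_iocs(text):
    """Pull every 40-hex-digit SHA1 out of a saved copy of the published list."""
    return {h.lower() for h in SHA1_RE.findall(text)}

def sha1_of(path, chunk=1 << 16):
    """Hash in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def iter_files(roots):
    """Yield regular files; each root may be a single file or a directory."""
    for root in roots:
        if os.path.isfile(root):
            yield root
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                full = os.path.join(dirpath, name)
                if os.path.isfile(full):
                    yield full

def scan(roots, iocs):
    """Return sorted (path, sha1) pairs whose hash is in the IoC set."""
    hits = []
    for path in iter_files(roots):
        try:
            digest = sha1_of(path)
        except OSError:
            continue  # unreadable file: skip instead of aborting the sweep
        if digest in iocs:
            hits.append((path, digest))
    return sorted(hits)

if __name__ == "__main__" and len(sys.argv) == 2:
    # argv[1]: saved copy of the published hash list (file name is up to you)
    with open(sys.argv[1]) as fh:
        for path, digest in scan(AUTORUN_PATHS, load_iocs(fh.read())):
            print(f"MATCH {digest} {path}")
```

Because the rootkit described above can hide files, results are more trustworthy when the disk is mounted read-only from trusted boot media and the mount point is prefixed to each path passed to `scan`.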
