The Malware that Hacks Computer Servers to Mine Cryptocurrency
In an exclusive report to TechCrunch, Boston-based security firm Threat Stack revealed the discovery of a new variation of the Shellbot malware that was capable of breaking into crypto miners’ computers and using their resources to mine cryptocurrencies.
Shellbot Capable of Mining Monero Worth $300 Per Day
First reported by Jask on February 5, 2019, the Shellbot malware had an upgraded version that used an old yet reliable SSH brute force technique. It allowed the malware to break into online Linux servers with weak passwords and use their computing power to mine cryptocurrencies.
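The following Python example, added here and not part of the original article or Threat Stack's report, shows how a defender might spot the SSH brute force pattern described above in OpenSSH auth logs: many failed password attempts from one source, followed by a successful password login. The log lines, the threshold and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  5 03:12:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb  5 03:12:03 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Feb  5 03:12:05 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Feb  5 03:12:07 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 40131 ssh2
Feb  5 03:12:09 web01 sshd[2109]: Failed password for deploy from 203.0.113.7 port 40140 ssh2
Feb  5 03:12:11 web01 sshd[2111]: Accepted password for deploy from 203.0.113.7 port 40147 ssh2
Feb  5 09:30:44 web01 sshd[3050]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Feb  5 09:30:52 web01 sshd[3052]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Feb  5 09:41:10 web01 sshd[3101]: Accepted publickey for bob from 192.0.2.5 port 60022 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+")


def find_bruteforce(log_text, threshold=5):
    """Report sources with >= threshold failed password attempts, and any
    password login from that source that succeeded after the threshold."""
    failures = defaultdict(int)      # source IP -> failed attempts so far
    users = defaultdict(set)         # source IP -> usernames guessed
    breached = defaultdict(list)     # source IP -> accounts logged in afterwards
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users[src].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.groups()
            # One mistyped password is normal; success after a burst is not.
            if failures[src] >= threshold:
                breached[src].append(user)
    return {src: {"failures": n,
                  "users_tried": sorted(users[src]),
                  "logins_after_bruteforce": breached[src]}
            for src, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for src, finding in find_bruteforce(SAMPLE_LOG).items():
        print(src, finding)
```

A non-empty logins_after_bruteforce list marks an account whose password was likely guessed and should be treated as compromised.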
Threat Stack suggested that the malware was now capable of doing more. It could spread through a network, shut down all other cryptominers, and leverage the computers’ processing power for its own cryptocurrency mining operation.
The report quoted:
“The main goal of this campaign appears to be monetary gain via cryptomining and propagating itself to other systems on the internet.”
The malware was first detected on a U.S.-based multinational company’s Linux server. The company shut its systems down after realizing that the malware was also targeting other vulnerable machines.
Researchers eventually found the dropper script used to install the malicious payload (the component used to execute the malicious activity) through the malware’s command and control server. The hackers used an IRC chat server, which enabled them to check the status of the malware and run commands remotely.
The research reported that the malware used a 272-line script to check for online cryptominers and take over a system to begin mining monero (XMR), which was later sent back to the MoneroHash server. The data from the MoneroHash campaign suggested that the malware could make about $300 per day, but the amount may be more if more servers were infected.
Sam Bisbee, Chief Security Officer at Threat Stack, stressed that the hackers were “fully capable of using this malware to exfiltrate, ransom or destroy data.”
Recent Crypto Malware Attacks
The frequency and intensity of malware attacks on both individuals and whole firms are on the rise. In the past two weeks, BTCManager reported four major malware attacks. On April 16, two hackers were convicted of infecting 400,000 computer systems and stealing millions of dollars.
On April 25, credit card malware hackers attacked an Atlanta online store that hosts millions of visitors on its site. The following day, the famous hardware wallet manufacturer Ledger announced that its desktop applications were targeted by malware.
The month of May started with the Electrum wallet facing a DDoS malware attack that reportedly affected 152,000 hosts.