
Discovered a new Linux Trojan for the mining of cryptocurrencies

by sigismund » 2016-08-12 10:19:06


The main feature of the Trojan is that it is written in the Go programming language.


Researchers from the company "Doctor Web" have discovered a new Linux Trojan that is able to run a cryptocurrency-mining program on the infected system. The main feature of this malware, dubbed Linux.Lady.1 (according to the classification of "Doctor Web"), is that it is written in the programming language Go, developed by Google.

Once on the system, the Trojan collects and sends to the attackers' C&C server data about the OS, the number of CPUs, the number of running processes and other information. The Trojan then receives a configuration file in order to load and run a program designed for cryptocurrency mining. The money is credited to an e-wallet belonging to the criminals.

The configuration file contains links to special sites that the Trojan uses to determine the external IP address of the infected device. The malware can also attack other computers on the network: the Trojan tries to connect without a password to a remote node via the port used by the journaled data store Redis (remote dictionary server), relying on incorrect configuration of the attacked system.

If the connection succeeds, the malware writes a loader script to the cron jobs on the remote computer; the script downloads and installs a copy of Linux.Lady.1 on the compromised host. After that, the program adds a key to the list of authorized keys for connecting to the affected computer via SSH.
sigismund
moderators
Posts: 788
Deposit: 0 BTC

Rating: 5
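
A defensive check for the Redis misconfiguration described in the post, as an added example that is not part of the original post or of Doctor Web's report: it parses a redis.conf and reports the settings that together let a network client connect without a password. The function names and both sample configs are constructed for illustration; ACL users (Redis 6+) are not examined, and the last occurrence of a directive is assumed to win.

```python
import ipaddress

# Constructed sample configs (not taken from any real host).
WEAK_CONF = """\
# reachable from the network, no password
bind 0.0.0.0
port 6379
protected-mode no
"""
HARDENED_CONF = """\
bind 127.0.0.1 ::1
port 6379
protected-mode yes
requirepass "constructed-placeholder-secret"
"""

def parse_conf(text):
    """Return {directive: [argument lists]} for a redis.conf-style file."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        conf.setdefault(key.lower(), []).append([a.strip("\"'") for a in args])
    return conf

def last(conf, key, default):
    """First argument of the last occurrence of a directive (assumed to win)."""
    args = conf.get(key, [[default]])[-1]
    return args[0] if args else default

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as network-reachable

def audit(text):
    """List the settings that allow passwordless connections from the network."""
    conf = parse_conf(text)
    findings = []
    binds = conf["bind"][-1] if "bind" in conf else ["*"]  # no bind line: all interfaces
    if not all(is_loopback(a) for a in binds):
        findings.append("listens on a non-loopback address")
    if last(conf, "protected-mode", "yes").lower() != "yes":
        findings.append("protected-mode is disabled")
    if last(conf, "requirepass", "") == "":
        findings.append("no requirepass set")
    return findings
```

A host showing all three findings accepts the passwordless connection the post describes; it should also have its cron entries and SSH authorized_keys files reviewed for entries nobody on the team added.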