Good Guy Malware: Linux Virus Removes Other Infections to Mine on Its Own
Coin miners have become the new norm in the malware world, and new versions are getting more complex, being able to hide their processes more effectively in order to avoid detection.
But security vendor Trend Micro has recently come across a new Linux coin miner whose purpose isn’t only to run without users being aware of it, but to also remove the other malware and miners that are found on a compromised system.
In an analysis of the script, the security company explains that it uses code from KORKERDS and relies on crontabs to make sure it launches after reboot.
The script that the malware uses for spreading downloads a modified version of XMR-Stak, a cryptocurrency miner that is specifically aimed at Cryptonight currencies and which can use the most CPUs, as well as NVIDIA and AMD GPUs for its processes.
<… (read more)