New Chinese Antd crypto-mining malware targeting linux servers

Linux

Since last fall, a new cyber-criminal group believed to operate outside of China has hacked into Linux servers and installed a new strain of malware that mines cryptocurrency.

Discovered by Intezer’s security researchers, this new group— which they called Pacha Group — have not directly targeted Linux servers, but the top-run apps. Experts say that Pacha Group hackers use brute-force attacks to compromise services such as WordPress or PhpMyAdmin, and once they have an initial foothold, they increase their access to the underlying server where they deploy their malware in Linux.

GreedyAntd (hereafter Antd) by Intezer. In mid-September 2018, a report by a Chinese security researcher places Antd’s first sighting. Intezer says the source code of the malware overlaps with the source code of another strain of malware discovered this year in January and named Linux. HelloBot, also used by the Pacha Group.

pachagroup-operation

Image: Intezer

Signs indicate that hackers develop and test the malware in parallel and then stick to Antd for current operations. Antd is a complex piece of code, designed around a modular structure and designed to work with multiple command and control servers, according to the technical deep dive of Intezer into the inner workings of the malware.

pachagroup-miner

Image: Intezer

We can assume that the main reason for having such a broad infrastructure involving a large number of components is to make it more resilient to server shutdowns and to provide a modularity factor, “said the Intezer team.”

SEE ALSO:
How Cryptocurrency is changing in 2021?

In addition, having this number of components interconnected with each other also means investing much more effort to clean up a compromised system in question.

Total
2
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
Youtube commenting

YouTube efforts to protect children by turning off comments

Next Post
Chrome & Firefox

Chrome and Firefox borrow the performance features

Related Posts