Cryptojacking, in which attackers motivated by monetary gain hijack victims' computers to mine cryptocurrency, is on the rise, and the attacks behind it are growing more sophisticated.
In recent months a new variant of the Shellbot cryptojacking malware has been active. Shellbot is a Trojan first seen in 2005 that has gone through a series of updates to reach its current form. According to a recent report by Boston-based security firm Threat Stack, the latest version has a few detrimental tricks up its sleeve.
Shellbot brute-forces SSH logins to get into Linux systems that use weak passwords and then puts them to work mining the privacy-focused cryptocurrency Monero. The latest iteration also kills competing miners already running on the host so that more of its computing resources go to the attackers' own mining. As the authors of the report state:
“The main goal of this campaign appears to be monetary gain via crypto mining and propagating itself to other systems on the internet.”
This capability suggests the new iteration is aimed at mining rigs rather than general-purpose machines. Mining rigs have far more processing power than ordinary office computers, so once the malware infects one it gains correspondingly more hashing power. Most mining setups also run Linux, the operating system the malware targets.
Threat Stack researchers found the malware on the systems of one of the firm's customers. The report does not identify the customer but notes that it has a global presence. Analysis showed the malware was already earning about $300 per day from the hijacked systems, and over $8,000 in total for the period it was operating on them.
Threat Stack's Chief Security Officer said:
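Because the infection vector described above is an SSH password brute force, the two checks a defender most wants are a detector for that pattern in the host's auth log and a check that sshd is not configured to accept passwords at all. The following is an added example written for this page, not code from Threat Stack or from the report; the log lines and sshd_config fragments are constructed samples, and the year, threshold and one-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth.log lines in OpenSSH/syslog format (not from the report).
# One source makes five failed password attempts in a few seconds and then
# succeeds as root: the classic brute-force-then-compromise sequence.
SAMPLE_AUTH_LOG = """\
Feb  5 10:12:01 rig01 sshd[2201]: Failed password for root from 203.0.113.7 port 51922 ssh2
Feb  5 10:12:02 rig01 sshd[2203]: Failed password for root from 203.0.113.7 port 51930 ssh2
Feb  5 10:12:02 rig01 sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 51934 ssh2
Feb  5 10:12:03 rig01 sshd[2207]: Failed password for root from 203.0.113.7 port 51940 ssh2
Feb  5 10:12:04 rig01 sshd[2209]: Failed password for root from 203.0.113.7 port 51948 ssh2
Feb  5 10:12:05 rig01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51952 ssh2
Feb  5 10:30:11 rig01 sshd[2300]: Failed password for alice from 198.51.100.4 port 40012 ssh2
Feb  5 10:45:00 rig01 sshd[2310]: Accepted publickey for alice from 198.51.100.4 port 40020 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_auth_log(text, year=2019):
    """Parse sshd auth lines into dicts. syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/syslog noise
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failed logins inside any `window`,
    and record whether a *password* login from that IP succeeded afterwards,
    which is the signal that the brute force actually worked."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        fails = sorted(e["ts"] for e in evs if e["result"] == "Failed")
        burst = False
        for i in range(len(fails)):
            j = i
            while j < len(fails) and fails[j] - fails[i] <= window:
                j += 1
            if j - i >= threshold:
                burst = True
                break
        if not burst:
            continue
        compromised = any(e["result"] == "Accepted" and e["method"] == "password"
                          and e["ts"] >= fails[0] for e in evs)
        findings[ip] = {"failed": len(fails),
                        "password_login_after_burst": compromised,
                        "users": sorted({e["user"] for e in evs})}
    return findings


# Constructed sshd_config fragments: the weak settings beside the hardened ones.
WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""


def weak_sshd_settings(config_text):
    """Return the sshd_config directives that leave a host open to password brute force.
    Absent directives fall back to OpenSSH defaults (PasswordAuthentication yes;
    PermitRootLogin prohibit-password on current releases)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip().lower()
    weak = []
    if settings.get("PasswordAuthentication", "yes") == "yes":
        weak.append("PasswordAuthentication yes")
    if settings.get("PermitRootLogin", "prohibit-password") == "yes":
        weak.append("PermitRootLogin yes")
    return weak


if __name__ == "__main__":
    print(find_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)))
    print("weak:", weak_sshd_settings(WEAK_SSHD_CONFIG), "hardened:", weak_sshd_settings(HARDENED_SSHD_CONFIG))
```

On the sample above the detector flags 203.0.113.7 with five failures followed by a successful password login as root, and leaves 198.51.100.4 (one failure, then a key-based login) alone. A single `Accepted password` after a burst from the same source is the line worth alerting on; `PasswordAuthentication no` with key-only access removes the vector the campaign relies on, which is why the config check is paired with the log check.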
“The threat actors behind this campaign have shown the ability and willingness to update this malware with new functionality after it has gained a foothold on an infected system […] They are fully capable of using this malware to exfiltrate, ransom or destroy data.”