[ad_1]
A brand new Linux malware developed utilizing the shell script compiler (shc) has been noticed deploying a cryptocurrency miner on compromised methods.
“It is presumed that after profitable authentication by means of a dictionary assault on inadequately managed Linux SSH servers, varied malware had been put in on the goal system,” AhnLab Security Emergency Response Center (ASEC) stated in a report revealed at present.
shc permits shell scripts to be transformed instantly into binaries, providing protections in opposition to unauthorized supply code modifications. It’s analogous to the BAT2EXE utility in Windows that is used to transform any batch file to an executable.
In an assault chain detailed by the South Korean cybersecurity agency, a profitable compromise of the SSH server results in the deployment of an shc downloader malware together with a Perl-based DDoS IRC Bot.
The shc downloader subsequently proceeds to fetch the XMRig miner software program to mine cryptocurrency, with the IRC bot able to establishing connections with a distant server to fetch instructions for mounting distributed denial-of-service (DDoS) assaults.
“This bot helps not solely DDoS assaults corresponding to TCP flood, UDP flood, and HTTP flood, however varied different options together with command execution, reverse shell, port scanning, and log deletion,” ASEC researchers stated.
The reality that every one the shc downloader artifacts had been uploaded to VirusTotal from South Korea means that the marketing campaign is principally targeted on poorly secured Linux SSH servers within the nation.
It’s really helpful that customers observe password hygiene and rotate passwords on a periodic foundation to stop brute-force makes an attempt and dictionary assaults. It’s additionally suggested to maintain the working methods up-to-date.