Hello everyone!!!
Today we are going to talk about malware developed for the Linux operating system. Linux is widely regarded as more secure than Windows, but that does not mean Linux users are completely safe. Malware targeting Linux is far less common than malware targeting Windows, but malicious actors are now going after Linux users as well, with increasingly complex malware.
Recently, Dr.Web, the first Russian anti-malware company, found a new piece of Linux-targeted malware. It has not been given a public name yet; Dr.Web tracks it under the detection name 'Linux.BtcMine.174'. Compared with other malware, this sample is more complex and effective because it bundles many malicious capabilities. The researchers found that the trojan consists of a huge shell script of more than 1000 lines of code. The script's first task, once it executes on the infected Linux system, is to find a directory with write permission, copy itself there, and later download additional malicious modules.
Once it has established itself on the infected system, it attempts privilege escalation using either of two exploits: CVE-2016-5195 (Dirty COW) and CVE-2013-2094. These give it root permissions and full control of the operating system. In the next step the trojan registers itself as a local daemon, and if the nohup utility is not already present it downloads that as well. All of this is only the setup phase of the trojan.
The main functionality starts after the setup phase is complete. The core, or primary, role of the trojan is cryptocurrency mining. It checks for any competing cryptocurrency-mining malware, terminates any it finds, and then downloads and starts its own Monero-mining operation. Linux.BtcMine.174 is not done yet: it then looks for Linux-based anti-virus software.
According to the researchers it looks for anti-virus processes named safedog, aegis, clamd, avast, deweb-configd, etc., and stops them. The trojan adds itself to autorun entries such as '/etc/rc.local', '/etc/rc.d/...' and '/etc/cron.hourly', and also downloads rootkits to the infected system, according to Dr.Web. The experts describe the downloaded rootkits as having "the ability to steal user-entered passwords for the su command and to hide files in the system, network connections, and running processes."
To help defenders, Dr.Web has already published SHA1 file hashes of this trojan so that sysadmins can check whether their systems are infected or compromised. To stay safe from such trojans and malware, always keep the points listed below in mind.
1) Never click on any untrusted link.
2) Never install any third-party software on your system.
3) Always check whether the latest updates and patches for your system are available.
4) Keep your system up-to-date.
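As an added example (not code from Dr.Web's report and not part of the trojan), the POSIX shell script below gives a sysadmin two of the checks implied above: it lists recently changed files in the autorun locations the post names, and it hashes files in world-writable directories (the kind of folder the script copies itself into) against a list of SHA1 values. The hash list is a constructed placeholder; replace it with the hashes Dr.Web published.

```shell
#!/bin/sh
# Added defensive audit, not part of the Dr.Web write-up.
# Space-separated SHA1 list supplied by the admin. The all-zero value is a
# constructed placeholder that matches nothing real.
KNOWN_BAD_SHA1="${KNOWN_BAD_SHA1:-0000000000000000000000000000000000000000}"

# Persistence locations mentioned in the write-up.
AUTORUN_PATHS="/etc/rc.local /etc/rc.d /etc/cron.hourly"

# List autorun files modified within the last N days (default 7).
audit_autorun() {
    days="${1:-7}"
    for p in $AUTORUN_PATHS; do
        [ -e "$p" ] || continue
        find "$p" -type f -mtime "-$days" 2>/dev/null
    done
}

# Return 0 when the SHA1 of file $1 appears in KNOWN_BAD_SHA1, else 1.
sha1_is_known_bad() {
    h=$(sha1sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$h" ] || return 1
    for bad in $KNOWN_BAD_SHA1; do
        [ "$h" = "$bad" ] && return 0
    done
    return 1
}

# Walk world-writable directories under $1 (default /) and print every
# regular file whose hash is on the known-bad list.
scan_writable_dirs() {
    root="${1:-/}"
    find "$root" -xdev -type d -perm -0002 2>/dev/null | while read -r d; do
        for f in "$d"/* "$d"/.[!.]*; do
            [ -f "$f" ] || continue
            if sha1_is_known_bad "$f"; then
                echo "KNOWN-BAD: $f"
            fi
        done
    done
}

# Run the full audit only when invoked as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "== autorun files changed in the last 7 days =="
    audit_autorun 7
    echo "== known-bad hashes in world-writable directories =="
    scan_writable_dirs /
fi
```

Hash matching only catches the exact samples on the list, so treat a clean result as "no known sample found", not as proof the host is uninfected.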
Thank you! Stay updated with NewAgeInformers by following us.