24 November 18, 09:42
Quote:The Russian Dr.Web anti-malware maker discovered a new Linux threat embodied by a Trojan designed to work as a crypto-miner and as a dropper for some other nasty malware payloads such as DDoS backdoors and rootkits.
The new Trojan strain named Linux.BtcMine.174 by the Dr.Web team is a heavy 1,000-line shell script which comes with multiple modules that it will download and write to any folder with write permissions on the infiltrated Linux box.
Once it has managed to dump the extra malware payloads on the compromised machine, Linux.BtcMine.174 will use the nohup POSIX utility to launch itself as a daemon, redirecting its output to a nohup.out file to make detection more difficult.
After installing itself as a service, the Trojan downloads a Linux.BackDoor.Gates.9 Trojan payload that makes it possible for its masters to control the compromised machine and use it to execute DDoS attacks.
Because after compromising its Linux targets the Trojan is running under the privileges of the current user, almost never an administrator account, Linux.BtcMine.174 uses exploits such as Linux.Exploit.CVE-2016-5195 (known as DirtyCow) and Linux.Exploit.CVE-2013-2094 to escalate its privileges and completely take over the Linux machine.
Source: https://news.softpedia.com/news/new-cryp...3958.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
