A 5-Year-Old Linux Flaw Is Allowing Hackers to Turn Linux Machines into Cryptomining Bots
The crypto boom is everywhere around us, and people are going crazy about crypto rewards. While cryptocurrency and its underlying technologies have various benefits, people are focusing only on the instant money that comes with the pump in cryptocurrency values.
Due to this overnight boom, everyone is trying to accumulate more reserves of cryptocurrencies in every possible way. With a clever understanding of market trends and proper knowledge of crypto trading, one can easily reap huge profits. But there will always be some clever minds that try to take advantage of various loopholes to make things easier.
Even though Linux is a near-perfectly secure operating system, it still has some flaws. A recent finding by TrendMicro revealed a new flaw in Linux systems that let hackers mine cryptocurrencies using Linux servers and machines.
Several scripts like Coinhive already exist that allow site owners and app owners to mine crypto using users' hardware resources. In addition, some browser extensions were found to have secretly mined crypto using users' computer resources.
But this new technique revealed by TrendMicro is one of a kind, as it targeted a 5-year-old Linux flaw to tap Linux machines for mining cryptocurrencies. These attempts are stated to be associated with the JenkinsMiner malware.
Earlier, the security firm TrendMicro also revealed the first Kotlin-based malware that infected Android devices.
Getting into more detail, the attack has already been launched, and Japan, Taiwan, China, the United States, India, South Korea, Malaysia, Turkey, and Brazil were majorly affected by this campaign.
This flaw is basically a cross-site scripting (XSS) flaw in the Cacti Network Weathermap tool, which sysadmins use to visualize network activity.
The attack appears to have been launched in December 2017 and has gained some momentum in the last month. It is currently active and looks like it might spread to more machines soon.
The final payload is a modified XMRig miner. XMRig is a legitimate, open-source XMR miner with multiple updated versions that supports both 32-bit and 64-bit Windows and Linux operating systems. The version used by the hackers is able to hide the command-line display and renders the configuration or parameters unnecessary.
The attackers mined approximately 320 XMR or about $74,677 (as of March 21, 2018) based on the two wallets.
Fortunately, a patch for the flaw (CVE-2013-2618) is already available, and you can download it. Also, if you wish to stay secure on Linux, you should update your machines with all the latest updates and patches.
Did you find this information useful? Tell us your views on this Crypto mining technique on Linux machines, in the comments below.