New malware targets Linux, Unix-based machines

By Balamurugan Selvaraj Published on Jun 14, 2017 10:55 AM IST

No one can forget the havoc the WannaCry ransomware created on Windows machines last month. Following that attack, researchers across the globe set out to find and fix other exploitable flaws. A few weeks back, researchers found a vulnerable SMB (Server Message Block) implementation in the Samba networking software used on Linux and Unix-based machines.

News Today, too, reported this flaw (CVE-2017-7494), which could allow actors to remotely control Linux machines. Security researcher Omri Ben Bassat discovered a malware campaign named "EternalMiner" that exploits the SambaCry vulnerability on Linux computers to install cryptocurrency mining software. Independently, a team at Kaspersky Lab also found this campaign.

As soon as the SMB flaw in Samba was exposed, the Samba project published an advisory describing the flaw in earlier versions of the networking software. But within a week, researchers found an unknown group of actors hijacking Linux computers across the world. The group took over the systems and installed an upgraded version of CPUminer, cryptocurrency mining software that mines the "Monero" digital currency.

According to the researchers, after infecting a vulnerable machine through SambaCry, the attackers execute two payloads on the victim system. One is "INAebsGB.so", a reverse shell that gives remote access to the PC; the other is "cblR-WuoCc.so", a backdoor carrying cryptocurrency mining utilities such as CPUminer. Once the system is infected, the malware lets the actor use its computing resources to generate revenue, which is why criminals increasingly target digital currency.

Since the arrival of cryptocurrencies in the digital market, underground trading and business have become easier and harder to trace. But transaction security and cryptocurrency storage have flaws, which have led cyber criminals to earn Bitcoin through mining malware.

Recent reports on the Adylkuzz malware attacks, which preceded WannaCry, described emptied Bitcoin wallets and huge financial losses for many citizens. Interestingly, that malware, too, used the same SMB flaw to access systems. Now, the hackers use the CPUminer malware to steal cryptocurrencies from Linux-based PCs with the SMB flaw.

As per the reports, the cyber criminals behind the threat have earned 98 XMR, worth $5,380. "During the first day, they gained about 1 XMR ($55), but during the last week, they gained about 5 XMR per day," the researchers say.

As reported earlier in News Today, the Samba project released patched versions of the software (4.6.4/4.5.10/4.4.14) a few weeks ago. So, users running a vulnerable version are urged to update their systems to prevent attacks.
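A quick way for administrators to check where a host stands against the patched releases named above. This is an added example, not code from the article or from the Samba project; it assumes `smbd --version` is on the PATH and, as an assumption, treats branches older than 4.4 (for which the article lists no fixed release) as needing manual review.

```python
"""Check whether a Samba version predates the SambaCry (CVE-2017-7494) fixes.

Patched releases named in the article: 4.6.4, 4.5.10, 4.4.14. Any earlier
release on those branches is reported as unpatched.
"""
import re
import subprocess

# Lowest fixed patch level per maintained branch, taken from the article.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}


def parse_version(text):
    """Extract (major, minor, patch) from output such as 'Version 4.5.8-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if the release is at or above its branch's fixed release,
    False if it is an earlier release on a listed branch,
    None for branches the article lists no fix for (assumption: review manually)."""
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        return patch >= FIXED[branch]
    if branch > (4, 6):
        return True  # branch created after the fix shipped
    return None


def installed_version():
    """Query the local smbd; returns None when Samba is not installed."""
    try:
        out = subprocess.run(["smbd", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return parse_version(out)


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print("smbd not found; Samba does not appear to be installed")
    else:
        state = {True: "patched", False: "UNPATCHED", None: "branch not listed, review"}
        print(f"Samba {'.'.join(map(str, v))}: {state[is_patched(v)]}")
```

Distribution packages often backport the fix without bumping the upstream version, so an "UNPATCHED" result from this check should be confirmed against the distribution's changelog before acting on it.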