New Linux Trojan Can Disable Your Antivirus and Steal Root Passwords

  • A new malware strain affecting Linux users has been discovered; it installs bitcoin miners on systems.
  • It was discovered by Dr. Web, a Russian antivirus maker that was able to track the malware for an extended period of time.
  • The malware has over 1,000 lines of code and is more complex than most other Linux malware.

Linux is known to be a much safer OS compared to other desktop alternatives, but it is nowhere near perfect. A new trojan has been discovered by Russian antivirus company Dr. Web. The Linux.BtcMine.174 malware comes with a number of malicious features and has a gigantic amount of code in its shell script.

The trojan is capable of infecting Linux systems and writes permissions into disks to access user systems. The Linux malware is capable of disabling any installed antivirus programs and stealing root passwords. It takes advantage of the infamous Dirty COW exploit and can give attackers complete access to the OS. According to Dr. Web, “the Trojan launches and maintains as a Monero (XMR) miner. In an infinite loop, the script checks for updates on a remote server so that it can download and install them if they become available.”

The Linux trojan was primarily designed for cryptocurrency mining, and disabling antivirus programs allows the mining process to continue running in the background without being detected. But there is much more to it than just the crypto miner. It also comes with the Bill.Gates trojan, a known DDoS malware, and installs backdoors on infected systems.

The malware uses an SSH self-spreading mechanism to propagate. It is capable of stealing SSH credentials, and unless Linux admins restrict access to SSH connections beyond the registered hosts, the malicious program can take advantage and break into systems without alerting anyone. Dr. Web has posted complete details about the malware to help sysadmins scan their systems for the malicious program. It is a fairly new threat and not too many Linux users are aware of it.
