- A new malware has been discovered affecting Linux users, that installs bitcoin miners on systems.
- It was discovered by Dr. Web, a Russian antivirus maker that was able to track the malware for an extended period of time.
- The malware has over 1,000 lines of code and is more complex than most other Linux malware.
Linux is known to be a much safer OS than other desktop alternatives, but it is nowhere near perfect. A new trojan has been discovered by the Russian antivirus company Dr. Web. The Linux.BtcMine.174 malware comes with a number of malicious features, and its shell script carries a gigantic amount of code.
The trojan is capable of infecting Linux systems and writes permissions to disk in order to access user systems. The Linux malware is capable of disabling any installed antivirus programs and stealing root passwords. It takes advantage of the infamous Dirty COW exploit, which can give attackers complete access to the OS. According to Dr. Web, “the Trojan launches and maintains as a Monero (XMR) miner. In an infinite loop, the script checks for updates on a remote server so that it can download and install them if they become available.”
The Linux trojan was primarily designed for cryptocurrency mining, and disabling antivirus programs allows the mining process to keep running in the background without being detected. But there is much more to it than the crypto miner. It also comes with the Bill.Gates trojan, a known DDoS malware that installs backdoors on infected systems.
The malware uses an SSH self-spreading mechanism to propagate. It is capable of stealing SSH credentials, and unless Linux admins restrict SSH access to their registered hosts, the malicious program can use those credentials to break into further systems without alerting anyone. Dr. Web has posted complete details about the malware to help sysadmins scan their systems for the malicious program. It is a fairly new threat, and not many Linux users are aware of it yet.
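As an added illustration of the mitigation mentioned above (restricting SSH to registered hosts so that stolen credentials alone are not enough), here is an example sshd_config fragment; it is not from the article or from Dr. Web, and the user name, host names and address ranges are placeholders that would be replaced with the site's own:

```sshd_config
# Added example: only allow named accounts, and only from registered hosts.
# A stolen password from a compromised machine outside this list is refused.
AllowUsers deploy@bastion.example.internal admin@10.0.5.0/24

# Stolen passwords are the spreading mechanism, so require keys instead.
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes

# Do not let anything log in directly as root, even with a key.
PermitRootLogin no

# Only the management network may reach the admin account at all;
# other source addresses are dropped before authentication is attempted.
Match Address 10.0.5.0/24
    AllowUsers admin
```

Validate the file with `sshd -t` before reloading, because a syntax error in a Match block locks out every login.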