New Linux cryptominer can steal root passwords and disable antivirus
- The malware is also designed to install a second piece of malware that is capable of launching DDoS attacks.
- The multicomponent malware is used to mine for Monero.
A new Linux cryptocurrency mining malware has been discovered in the wild. The multicomponent malware is used to mine for Monero and is also designed to install another piece of malware, known as the BillGates malware, which contains several backdoor functions and is also capable of launching DDoS attacks.
The cryptominer, dubbed Linux.BtcMine.174, was discovered by Dr. Web. The Russian antivirus firm found that the malware contains over 1,000 lines of code. The cryptominer is also capable of searching for other miners and removing them.
“It downloads and launches a rootkit, also executed as a shell script. Among the rootkit module’s notable features is the ability to steal user-entered passwords for the su command and to hide files in the file system, network connections, and running processes,” Dr.Web said in a report.
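The process-hiding capability described in the quoted report is a generic rootkit trait, and one classic defender check for it is to compare two views of `/proc`: the directory listing (which a hooked `readdir`/`getdents` can filter, and which `ps` and `ls` rely on) against direct probes of `/proc/<pid>` for every possible pid, which such a hook cannot filter. The script below is an added example written for this page; it is not code from the article, from Dr.Web, or from the malware described, and it assumes a Linux host with a standard `/proc`. The rootkit's actual hiding mechanism is not stated on the page, so this is a general heuristic rather than a detector for Linux.BtcMine.174 specifically.

```python
import os

# Root of procfs; assumed standard Linux layout.
PROC = "/proc"


def listed_pids(proc_dir=PROC):
    """PIDs visible through a plain readdir of /proc (the view ps and ls use)."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def parse_tgid(status_text):
    """Extract the thread-group id from the text of a /proc/<pid>/status file."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None


def tgid_of(pid, proc_dir=PROC):
    """Thread-group id of <pid>, or None if the entry cannot be read."""
    try:
        with open(f"{proc_dir}/{pid}/status") as fh:
            return parse_tgid(fh.read())
    except OSError:
        return None


def probed_pids(proc_dir=PROC, pid_max=None):
    """PIDs found by probing /proc/<pid> directly for every possible pid.

    Only thread-group leaders are kept: /proc/<tid> resolves for every thread
    of a multithreaded process, but readdir lists only leaders, so unfiltered
    probing would report ordinary threads as 'hidden' processes.
    """
    if pid_max is None:
        with open(f"{proc_dir}/sys/kernel/pid_max") as fh:
            pid_max = int(fh.read())
    found = set()
    for pid in range(1, pid_max + 1):
        if os.path.isdir(f"{proc_dir}/{pid}") and tgid_of(pid, proc_dir) == pid:
            found.add(pid)
    return found


def find_hidden(listed, probed):
    """Pure set comparison: processes reachable by probe but absent from the listing."""
    return sorted(probed - listed)


def scan(proc_dir=PROC, pid_max=None):
    """Compare the two views of a live /proc and re-check each candidate.

    The re-check discounts processes that were created or exited between the
    listing and the probe; a pid that still resolves yet is still missing from
    a fresh listing is reported as hidden.
    """
    candidates = find_hidden(listed_pids(proc_dir), probed_pids(proc_dir, pid_max))
    confirmed = []
    for pid in candidates:
        if tgid_of(pid, proc_dir) == pid and pid not in listed_pids(proc_dir):
            confirmed.append(pid)
    return confirmed


if __name__ == "__main__":
    hidden = scan()
    if hidden:
        print("possible hidden processes (present in /proc but not listed):", hidden)
    else:
        print("no readdir-hidden processes found")
```

The full probe walks the kernel's `pid_max`, so it takes some seconds on hosts where that value is in the millions; pass a smaller `pid_max` to `scan()` for a quick check. A finding is a lead, not proof: a kernel-level rootkit that also hooks path lookup will evade this comparison, so a hit should be followed by inspecting `/proc/<pid>/exe`, `cmdline` and the open network sockets for that pid, and a clean result should not be read as the absence of a rootkit.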
Once it has a foothold in the system, the cryptominer exploits the Dirty COW vulnerability so that it can gain root permissions and obtain full access to the system. Yet another function of the cryptominer is the ability to gather information about remote servers and infected hosts via SSH, which allows the miner to propagate itself to even more systems.
Although there are more Windows malware variants in the wild than Linux malware, this miner demonstrates how cybercriminals are developing new and advanced Linux malware, and Linux systems could soon be targeted as frequently as Windows systems currently are.