Sat. Aug 15th, 2020

New Linux mining Trojan steals root passwords and removes anti-virus software


Russian anti-virus software developer Dr.Web recently discovered a new Trojan for the Linux platform. The primary purpose of the Trojan is to mine Monero.

Unlike most common mining malware, this Trojan comes with a range of additional malicious features, such as stealing the root password in order to disable security software.

At the same time, it searches the victim's computer for SSH connection details (hosts the user has previously connected to) so that it can infect more machines. Once installed, the Trojan keeps spreading from each infected host.

Linux.BtcMine.174 mining trojan:

Although the name contains "BtcMine", the Trojan mines Monero rather than Bitcoin. Bitcoin cannot be mined profitably on ordinary CPUs, whereas Monero's mining algorithm is designed to run on general-purpose hardware.

The security company found that the Trojan performs several operations after infecting a computer. Most importantly, it hides itself and attempts to escalate its privileges using known vulnerabilities.

In the background, it also quietly collects the root user's password. If the password is stolen, the Trojan gains full control of the system and can shut down whatever security software is installed.

It also searches for competing mining software and removes it outright, so that the infected computer's resources go entirely to the attacker's miner.

It also downloads a remote module capable of launching DDoS attacks:

Image: drweb

Searches for SSH connections to infect more devices:

The Trojan also monitors and searches in the background for potential SSH connections. If the user has connected to other computers or servers over SSH, the Trojan collects those hosts' details and attempts to infect them as well.

In this way, the Trojan can reach additional computers and remote servers, and then uses each newly infected machine as a node from which to attack further computers.
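To see what a host-harvesting Trojan of this kind can learn from a single compromised account, the following shell script (an added example for this article, not Dr.Web's analysis code and not the Trojan itself) enumerates the SSH targets recoverable from a known_hosts file and an ssh_config-style file, and reports whether known_hosts is hashed. The file paths are passed in as parameters so the functions can be run against constructed sample files; the default OpenSSH option HashKnownHosts controls whether real known_hosts entries are stored as hashes.

```shell
#!/bin/sh
# Added example (not Dr.Web's code, not the Trojan): list the SSH targets a
# password-stealing miner could harvest from a user's SSH files, and check
# whether ~/.ssh/known_hosts is hashed. Paths are parameters so the functions
# can be exercised on constructed sample files.

# Print each plaintext host from a known_hosts file, one per line.
# Handles "host1,10.0.0.5 ..." lists, "[host]:port" entries and
# "@cert-authority"/"@revoked" markers. Hashed entries (starting "|1|")
# are skipped: they cannot be turned back into hostnames without guessing.
known_hosts_targets() {
    kh="$1"
    [ -r "$kh" ] || return 0
    grep -v '^[[:space:]]*#' "$kh" | grep -v '^[[:space:]]*$' \
    | awk '{ f = ($1 ~ /^@/) ? $2 : $1
             if (substr(f, 1, 3) == "|1|") next
             n = split(f, hosts, ",")
             for (i = 1; i <= n; i++) print hosts[i] }' \
    | sed 's/^\[\(.*\)\]:[0-9]*$/\1/' | LC_ALL=C sort -u
}

# Print "Host" aliases and "HostName" values from an ssh_config-style file,
# skipping wildcard patterns such as "Host *".
ssh_config_targets() {
    cfg="$1"
    [ -r "$cfg" ] || return 0
    awk 'tolower($1) == "hostname" { print $2 }
         tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i !~ /[*?]/) print $i }' \
        "$cfg" | LC_ALL=C sort -u
}

# Succeed (exit 0) only if every non-comment entry in the file is hashed,
# i.e. the file gives an attacker no plaintext host list.
known_hosts_is_hashed() {
    kh="$1"
    plain=$(grep -v '^[[:space:]]*#' "$kh" | grep -v '^[[:space:]]*$' \
            | grep -vc '^|1|' || true)
    [ "$plain" -eq 0 ]
}

# Stand-alone usage: audit the current user's own SSH files.
if [ -z "$SSH_AUDIT_NO_MAIN" ]; then
    echo "Targets exposed by ~/.ssh/known_hosts:"
    known_hosts_targets "$HOME/.ssh/known_hosts"
    echo "Targets exposed by ~/.ssh/config:"
    ssh_config_targets "$HOME/.ssh/config"
    if [ -r "$HOME/.ssh/known_hosts" ]; then
        if known_hosts_is_hashed "$HOME/.ssh/known_hosts"; then
            echo "known_hosts is fully hashed"
        else
            echo "known_hosts contains plaintext hosts (consider HashKnownHosts yes)"
        fi
    fi
fi
```

Hashing known_hosts (HashKnownHosts yes in ssh_config) removes the easy host list, but an ssh_config file and shell history still name targets, and a stolen root password or an unencrypted private key is what actually lets the Trojan log in to them. Pass-phrase protected keys and per-host keys limit how far one compromised account can carry the infection.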

The Trojan's initial infection vector has not yet been determined, but with malware targeting the Linux platform becoming more common, Linux users and administrators should pay attention.