Botnets can change CPU settings to increase mining performance
Cybersecurity threat research team Uptycs has discovered a new and dangerous strain of malware.
Not only does it hijack vulnerable *nix-based servers and use them to mine cryptocurrency; the malware can also tamper with the CPU configuration of the compromised machine to push mining performance to its optimum.
According to preliminary investigation results, this is a Golang-based malware strain that exploits known vulnerabilities such as CVE-2020-14882 (Oracle WebLogic) and CVE-2017-11610 (Supervisord) to gain access to Linux systems, The Record reports. After hijacking a system, it uses model-specific registers (MSRs) to disable the hardware prefetcher, a CPU unit that fetches data and instructions from main memory into the L2 cache before they are needed.
Prefetching is a long-established technique that improves performance across many kinds of workload. Disabling it, however, increases mining performance in XMRig, the cryptocurrency mining software the crooks use, by 15%.
But disabling the hardware prefetcher degrades performance in legitimate applications. As a result, server operators will have to buy additional hardware to meet their performance requirements, or raise the power limit on existing hardware. Either way, it adds up to higher power consumption and extra cost.
According to the report, this botnet has been active since at least December 2020, and mainly targets vulnerabilities in MySQL, Tomcat, Oracle WebLogic, and Jenkins, which shows that it is flexible enough to attack many different programs. It is not clear how widespread these attacks are right now, but they appear widespread enough to warrant closer attention from security researchers in the near future.
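A defender's check for the tampering described above, as an added example that is not from the Uptycs report: it reads the Intel prefetcher-control MSR (0x1A4, MSR_MISC_FEATURE_CONTROL) on every CPU through the Linux msr module and reports which prefetchers have been switched off. It assumes an Intel host whose 0x1A4 layout matches Intel's documented Core-family layout; AMD uses different registers and is not covered.

```python
import os
import struct
from typing import Dict

# Intel MSR_MISC_FEATURE_CONTROL (0x1A4): a SET bit DISABLES that prefetcher.
# Bit layout as documented by Intel for Core-family CPUs; assumed to apply to
# the host being audited (AMD exposes prefetch control through other MSRs).
MSR_MISC_FEATURE_CONTROL = 0x1A4
PREFETCHER_BITS = {
    0: "L2 hardware prefetcher",
    1: "L2 adjacent cache line prefetcher",
    2: "DCU (L1 data) hardware prefetcher",
    3: "DCU IP prefetcher",
}


def decode_prefetch_control(value: int) -> Dict[str, bool]:
    """Map each prefetcher name to True if it is DISABLED in the MSR value."""
    return {name: bool((value >> bit) & 1) for bit, name in PREFETCHER_BITS.items()}


def prefetchers_disabled(value: int) -> bool:
    """True if any prefetcher is off; a value with all four low bits set (0xF)
    means every prefetcher has been turned off, which no sane server config does."""
    return any(decode_prefetch_control(value).values())


def read_msr(cpu: int, msr: int) -> int:
    """Read one MSR via /dev/cpu/N/msr (needs root and `modprobe msr`)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        # The MSR address is the file offset; the value is 8 bytes little-endian.
        return struct.unpack("<Q", os.pread(fd, 8, msr))[0]
    finally:
        os.close(fd)


def audit_host() -> Dict[int, Dict[str, bool]]:
    """Decode the prefetcher state of every CPU exposed under /dev/cpu."""
    report = {}
    for entry in sorted(os.listdir("/dev/cpu"), key=lambda e: (not e.isdigit(), e)):
        if entry.isdigit():
            cpu = int(entry)
            report[cpu] = decode_prefetch_control(read_msr(cpu, MSR_MISC_FEATURE_CONTROL))
    return report


if __name__ == "__main__":
    for cpu, state in audit_host().items():
        off = [name for name, disabled in state.items() if disabled]
        print(f"cpu{cpu}: " + (", ".join(off) + " DISABLED" if off else "all prefetchers enabled"))
```

A non-zero low nibble on a server nobody deliberately tuned is a strong signal worth pairing with an auditd watch on /dev/cpu/*/msr writes.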