New malware-digging tool on Linux devices

A malware author has just created a digital digging tool that infects Linux devices, using open or default Telnet login information. This new Trojan was discovered by Dr. The Web under the name Linux.BTCMine.26, will dig Monero money and only target x86-64 machines with ARM hardware.

The mining tool infects Linux machines through unsafe Telnet ports

The researchers say trojans use Telnet scanning tools, like the Mirai IoT malware used. BTCMine will randomly scan IPv4 addresses and try to connect via Telnet.

If the port is open or the user uses 1 in the default Telnet certificates, malware connects and runs the command to download and run the actual BTCMine binary file.

This Trojan caught the eyes of Dr. researchers. The web has many references to krebsonsecurity.com, a journalist's personal blog, reputable security researcher Brian Krebs.

New malware-digging tool on Linux devices Picture 1
Refer to Brian Krebs's name or blog

This is not the first malware to mention Krebs or his blog because both are very popular among security researchers and malware authors. In recent years, malware developers have been quite keen to mock Krebs by putting his name in the code.

Virtual money digging tools are increasing

BTCMine is only part of a new trend. Over the past months, researchers from all over the world have discovered many illegal virtual money digging tools. This trend can be seen by the popularity of virtual currencies such as Ethereum, Monero or Zcash. Examples can be mentioned as:

CoinMiner - targeting Windows, through NSA's EternalBlue vulnerability.
DevilRobber - aiming for a Mac to do it again.
Trojan.BtcMine.1259 - targeting Windows through NSA's DoublePulsar vulnerability.
EternalMiner - targets Windows through the SambaCry vulnerability.
Adylkuzz - targeting Windows through NSA's EternalBlue vulnerability.
Bondnet - targeting Windows Servers via RDP.
NsCpuCNMiner - targeting Seagate NSA devices.
Many other tools are aimed at Zcash virtual money.

In order to effectively dig Bitcoin, users need machines with specially optimized hardware but with Ethereum, Monero or Zcash, they can still make a profit using regular computers. Or in BTCMine's case is through Linux machines.

If you are using Telnet to connect to Linux devices, make sure your account has a strong password. If the account has a password, make sure it's not the default password on the device or easily guessed passwords.

virtual money digging digital money digging

Isabella Humphrey

Update 23 May 2019

You should read it

May be interested

New variant of ransomware Arena Crysis appeared
researcher michael gillespie has discovered a new variant of ransomware crysis / dharma that adds the .arena extension to the encrypted file.
Watch out for the risk of spreading the virus from Facebook Messenger on Windows, MacOS and Linux
security researchers at kaspersky lab have discovered a cross-platform campaign taking place on facebook messenger - where users often get video links directed to a fake site, tricking users into installing malware.
WireX DDoS Botnet: tens of thousands of Android phones are hacked
if you believe that just because you download the app from the official google store will not be malware, think again.
LabVIEW vulnerability allows hackers to attack your computer
if you need to use labview software to design machines or industrial devices, you should be alert when opening any vi file (virtual instrument). recently, security researchers have discovered a serious flaw in this software.
The new Gazer - the back door targets the ministries and embassies around the world
security researchers at eset have discovered a new malware with the aim of consular offices, ministries and embassies around the world to track governments and diplomatic activities.
A hacker in the United Kingdom found a way to temporarily encrypt the WannaCry malware
how can fantastic hackers get back stolen data without a penny?