Cointime

Download App
iOS & Android

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks.

"Threat actors can also choose to install only scanners and sell the breached IP and account credentials on the dark web," the AhnLab Security Emergency Response Center (ASEC) said in a report on Tuesday.

In these attacks, adversaries try to guess a server's SSH credentials by running through a list of commonly used combinations of usernames and passwords, a technique called dictionary attack.

Should the brute-force attempt be successful, it's followed by the threat actor deploying other malware, including scanners, to scan for other susceptible systems on the internet.

Specifically, the scanner is designed to look for systems where port 22 -- which is associated with the SSH service -- is active and then repeats the process of staging a dictionary attack in order to install malware, effectively propagating the infection.

Another notable aspect of the attack is the execution of commands such as "grep -c ^processor /proc/cpuinfo" to determine the number of CPU cores.

"These tools are believed to have been created by PRG old Team, and each threat actor modifies them slightly before using them in attacks," ASEC said, adding there is evidence of such malicious software being used as early as 2021.

To mitigate the risks associated with these attacks, it's recommended that users rely on passwords that are hard to guess, periodically rotate them, and keep their systems up-to-date.

The findings come as Kaspersky revealed that a novel multi-platform threat called NKAbuse is leveraging a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel for DDoS attacks.

Comments

All Comments

Recommended for you

  • This Is The Year Of Bitcoin, Not Ethereum

    Also Good Performance For The Miners And The US Economy Keeps Humming Along From the 2023 bear market bottom, Bitcoin has rallied almost  500%. Breaking the $100,000 mark will likely have a significant psychological impact on investors. After 15 years and a $2 trillion market cap, even Bitcoin's strongest critics will struggle to maintain their Ponzi scheme arguments.

  • Robinhood Chief Legal Officer Dan Gallagher Says He Won't Become SEC Chairman

    According to market news, Dan Gallagher, the Chief Legal Officer of Robinhood, stated that he would not serve as the Chairman of the US Securities and Exchange Commission.

  • Cosine: After a user used GPT to write a bot with a backdoor code, the private key was sent to a phishing website

    SlowMist Yu Xian stated in a post on the X platform that a user used GPT to write a bot with code and sent the private key to a phishing website. The reason why the private key was stolen was because it was directly sent to the phishing website in the HTTP request body. Yu Xian reminded that when using LLM such as GPT/Claude, one must pay attention to the common fraudulent behavior of these LLM. It was previously mentioned that AI poisoning attacks were carried out, and now this is a real attack case targeting the crypto industry.

  • U.S. Supreme Court rejects Facebook's attempt to avoid shareholder securities fraud lawsuit

     US Supreme Court rejected Facebook's attempt to avoid shareholder securities fraud lawsuits under the META umbrella.

  • The final value of the US one-year inflation rate in November is expected to be 2.6%, the expected value is 2.7%, and the previous value is 2.60%

     the expected final value of the US one-year inflation rate in November is 2.6%, with an expected value of 2.7% and a previous value of 2.60%. The expected final value of the US five-to-ten-year inflation rate in November is 3.2%, with an expected value of 3.1% and a previous value of 3.10%.

  • Polymarket Blocks French Users Amid Government Investigation into Gambling Law Compliance

    Polymarket has blocked users from France following reports of an investigation by the country's gaming authority for compliance with gambling laws. The ban was not stated in Polymarket's terms of service, but French users attempting to access the website using a VPN from a French server were met with a digital blockade. The ANJ, France's national gaming authority, began investigating Polymarket after a French trader placed large bets on Donald Trump winning the 2024 US Presidential election.

  • U.S. stocks open, most crypto stocks open lower

     the US stock market opened with the Dow Jones up 0.19%, the S&P 500 up 0.05%, and the Nasdaq up 0.01%. Most cryptocurrency stocks opened lower, with Coinbase (COIN.O) down 0.06%, MicroStrategy (MSTR.O) up 0.4%, and Riot Platforms (RIOT.O) down 2.6%. Previously, Bitcoin had risen above $99,000 before falling back.

  • Amazon to invest an additional $4 billion in Anthropic, OpenAI's rival

     Amazon is deepening its cooperation with Anthropic and will add an additional $4 billion investment to the company. In September of this year, Anthropic, an artificial intelligence startup, was seeking a new round of financing with a valuation of up to $40 billion. Anthropic was founded by former OpenAI executives in 2021 and focuses on creating interpretable, secure, and controllable artificial intelligence systems. The company's flagship AI model, Claude, operates based on "Constitutional AI," which uses predefined principles to guide its output, avoiding some erroneous or discriminatory output reactions.

  • Rapper 50 Cent claims that his X account was hacked, and the hacker promoted cryptocurrency and defrauded about $300 million

    On June 22nd,famous rapper Curtis James Jackson III (stage name "50 Cent") claimed that his former Twitter account and website were hacked, resulting in hackers promoting a cryptocurrency scam and defrauding victims of $30 million.The hackers created a new cryptocurrency called "GUNIT" and used 50 Cent's large following (approximately 12.9 million fans) to attract more investors and drive up the price, then drained its value, causing the token price to plummet to $0.00016. On June 21st, 50 Cent posted on Instagram to his 32.8 million fans about the hack and admitted that a large amount of funds from victims had been lost from the project. "Twitter quickly locked my account. Whoever did this, got $30 million within 30 minutes," 50 Cent claimed, stating that he had no involvement with this cryptocurrency scam.

  • DeFi project BXH hacker transferred 9491 ETH via Tornado Cash 5 hours ago

    The hacker who stole over $130 million in assets from the DeFi project BXH on October 30, 2021, transferred 9,491 ETH (worth $31.38 million) through Tornado Cash five hours ago, as monitored by blockchain analyst Yu Jin. The hacker collected a total of 9,491 ETH through three addresses and deposited all of these ETH into Tornado Cash through the 0xda9...ad3 address.