
Warning! Hackers Started Using SambaCry Flaw to Hack Linux Systems

Remember SambaCry?

Two weeks ago we reported on a 7-year-old critical remote code execution vulnerability in Samba networking software (a re-implementation of the SMB networking protocol) that allows a remote hacker to take full control of vulnerable Linux and Unix machines.

To learn more about the SambaCry vulnerability (CVE-2017-7494) and how it works, you can read our previous article.

At that time, nearly 485,000 Samba-enabled computers were found to be exposed on the Internet, and researchers predicted that SambaCry-based attacks also have the potential to spread widely, just like the WannaCry ransomware.

The prediction turned out to be quite accurate, as honeypots set up by the team of researchers from Kaspersky Lab have captured a malware campaign that is exploiting the SambaCry vulnerability to infect Linux computers with cryptocurrency mining software.

Another security researcher, Omri Ben Bassat, independently discovered the same campaign and named it "EternalMiner."

According to the researchers, an unknown group of hackers started hijacking Linux PCs just a week after the Samba flaw was disclosed publicly and installing an upgraded version of "CPUminer," a cryptocurrency mining software that mines the "Monero" digital currency.

After compromising the vulnerable machines using the SambaCry vulnerability, attackers execute two payloads on the targeted systems:
  • INAebsGB.so — A reverse-shell that provides remote access to the attackers.
  • cblRWuoCc.so — A backdoor that includes cryptocurrency mining utilities – CPUminer.

"Through the reverse-shell left in the system, the attackers can modify the configuration of a miner already running or infect the victim’s computer with other types of malware," Kaspersky researchers say.

Mining cryptocurrencies can be a costly investment as it requires an enormous amount of computing power, but such cryptocurrency-mining malware makes it easier for cybercriminals by allowing them to use the computing resources of compromised systems to make a profit.

If you have been following The Hacker News regularly, you must be aware of Adylkuzz, a cryptocurrency-mining malware that was using a Windows SMB vulnerability at least two weeks before the outbreak of the WannaCry ransomware attacks.

The Adylkuzz malware was also mining Monero by utilizing the enormous amount of computing resources of the compromised Windows systems.

The attackers behind the SambaCry-based CPUminer attack have already earned 98 XMR, which is worth 5,380 today, and this figure is continuously rising with the increase in the number of compromised Linux systems.

"During the first day they gained about 1 XMR (about $55 according to the currency exchange rate for 08.06.2017), but during the last week they gained about 5 XMR per day," the researchers say.

The maintainers of Samba have already patched the issue in their new Samba versions 4.6.4/4.5.10/4.4.14, and are urging those using a vulnerable version of Samba to install the patch as soon as possible.
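
A way to triage an inventory of `smbd --version` banners against the fixed releases named above, as an added example that is not part of the original article. The host names and banners are constructed, the 3.5.0 lower bound is taken from the Samba advisory for CVE-2017-7494 rather than from this page, and distribution packages may carry a backported fix under an older version number.

```python
import re

# Fixed upstream releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}
# Assumption (Samba advisory, not this article): the flaw first shipped in 3.5.0.
FIRST_AFFECTED = (3, 5, 0)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Map one `smbd --version` banner to a triage status."""
    match = VERSION_RE.search(banner)
    if not match:
        return "unparsed"
    version = tuple(int(part) for part in match.groups())
    if version < FIRST_AFFECTED:
        return "predates-flaw"
    branch = version[:2]
    fixed = FIXED.get(branch)
    if fixed is None:
        # Branches newer than 4.6 were released after the fix. Older branches
        # have no fixed upstream release listed: check the vendor's advisory.
        return "patched" if branch > (4, 6) else "no-fixed-release-in-branch"
    # A distro suffix (e.g. "-Debian") can hide a backported fix, so treat
    # "below-fixed-release" as "verify against the vendor changelog".
    return "patched" if version >= fixed else "below-fixed-release"


def audit(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    return {h: s for h, s in results.items() if s not in ("patched", "predates-flaw")}


# Constructed sample inventory: host name -> output of `smbd --version`.
SAMPLE = {
    "files01": "Version 4.6.3",
    "files02": "Version 4.5.10",
    "build07": "Version 4.4.13-Debian",
    "nas-old": "Version 3.6.25",
    "legacy": "Version 3.4.17",
    "edge": "smbd: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```
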