XMrig cryptocurrency mining malware, previously seen only on ARM devices, changed the attack vector and switched to Intel systems and servers.
According to Akamai security researcher Larry Cashdollar, one of his honeypots was infected with IoT malware targeting Linux-based Intel computers.

“I have been paying close attention to Internet of Things (IoT) malware targeting systems with Telnet enabled, while also collecting samples targeting systems with SSH enabled on port 22. I’ve collected over 650 samples landing in my honeypot within the last week. The honeypot allows logins using known default login credentials for root”, — said Larry Cashdollar.
Besides being built for Intel x86 and 686 processors, the malware tries to establish an SSH connection and is delivered disguised as a gzip archive. It then checks the host for other malicious programs (in which case the installation stops) or for an earlier version of itself, which it removes.
Next, the miner creates three different directories holding different versions of the same files. Each folder contains a 32-bit or 64-bit build of the XMrig 2.14.1 crypto miner. Some binaries are named after common Unix utilities, such as ps, in an attempt to blend into the normal process list.
After that, the malware installs the cryptocurrency mining tool itself and modifies the crontab file so that it is relaunched after a reboot. A shell script is also installed to communicate with the C&C server.
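Two of the behaviours described above leave traces a defender can check for: a crontab entry that relaunches a binary from an unusual or hidden directory, and a process that carries a utility name such as ps but runs from somewhere that utility does not live. The following is an added example written for this article, not code from Akamai or the malware analysis; the trusted directory list, the utility names other than ps, and the sample crontab and process table are all assumptions constructed here.

```python
"""Checks for the tricks described above: a crontab entry relaunching the miner from
an odd directory, and a binary borrowing a utility name such as "ps" (sample data constructed)."""
import posixpath
import re

TRUSTED_BIN_DIRS = {"/bin", "/usr/bin", "/sbin", "/usr/sbin", "/usr/local/bin"}
# "ps" is the name the article mentions; the others are assumed for illustration.
UTILITY_NAMES = {"ps", "sh", "cron", "sshd"}

def _untrusted_path(tok):
    """True if a path-like token lives outside the trusted bin dirs or under a hidden dir."""
    if not re.match(r"^(/|\./|~/)", tok):
        return False                      # not a path at all (flag, redirection, ...)
    norm = posixpath.normpath(tok)
    hidden = any(p.startswith(".") and p not in (".", "..") for p in norm.split("/"))
    return hidden or posixpath.dirname(norm) not in TRUSTED_BIN_DIRS

def suspicious_cron_entries(crontab_text):
    """Return crontab lines whose command references an untrusted or hidden path."""
    hits = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue                      # blank, comment, or VAR=value line
        n = 1 if line.startswith("@") else 5   # "@reboot cmd" vs "m h dom mon dow cmd"
        fields = line.split(None, n)
        if len(fields) == n + 1 and any(_untrusted_path(t) for t in fields[n].split()):
            hits.append(line)
    return hits

def masquerading_processes(procs):
    """procs: iterable of (pid, comm, exe); flags utility names run from untrusted paths."""
    return [(pid, comm, exe) for pid, comm, exe in procs
            if comm in UTILITY_NAMES and _untrusted_path(exe)]

# Constructed sample input modelled on the article's description (not real host data).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
PATH=/usr/bin:/bin
0 3 * * * /usr/bin/apt-get update
@reboot /tmp/.x86/ps -s >/dev/null 2>&1
*/5 * * * * cd /var/tmp/.cache && ./sh run.sh
"""
SAMPLE_PROCS = [(1, "systemd", "/usr/lib/systemd/systemd"),
                (412, "ps", "/usr/bin/ps"),
                (9981, "ps", "/tmp/.x86/ps"),
                (9982, "sh", "/var/tmp/.cache/sh")]
```

On a live Linux host the process tuples come from /proc/<pid>/comm and readlink on /proc/<pid>/exe, and the crontab text from the system and per-user crontab files.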
“Criminals will continue to monetize insecure resources in every way possible”, — notes Larry Cashdollar.
What can be done?
According to Akamai's recommendations, system administrators need to employ best security practices on the systems they manage. Unsecured services with unpatched vulnerabilities or weak passwords are prime targets for exploitation and abuse. Strong passwords, a vulnerability remediation plan, and two-factor authentication can go a long way toward keeping systems secure from the most basic and common attacks.