Monero Malware Sees Cryptojackers Hone in on Linux Users

More and more cryptocurrency mining malware continues to hone in on major corporations, hijacking victims to mine altcoin Monero (XMR).

Results from research conducted by a Special Ops team at cybersecurity firm JASK indicated a customized version of trojan Shellbot has become more and more common since it came out in November 2018.

The people behind it, the company confirmed, appear to be a hacker group from Romania known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware places in.

“The toolkit observed [...] in use by the attacker contains three primary components: IRC (Internet Relay Chat) botware for Command and Control (C2), a revenue stream via Monero mining, and a popular scan and brute force tool, haiduc,” JASK relayed.

The most recent threat precisely targets users of devices running Linux. In mid-January, a study from Palo Alto Networks discovered another Monero-mining malware targeting Linux users that could disable cloud-based security measures to escape detection.

These “cryptojacking attacks” — putting in malware which secretly mines cryptocurrency on a victim’s device — have become more widespread over the past year.

Malware detections rose by almost 500 percent in the first half of 2018, while a survey in August 2018 relayed that in the United Kingdom alone, over half of businesses had been impacted by cryptojacking at some point.