A trojan software has been added to the capabilities of a cryptomining malware campaign that targets Linux-based devices and cloud computing instances, potentially making attacks more severe.
This cryptomining campaign, as described by cybersecurity experts at Trend Micro, uses Linux computers' processing power, in order to sneakily compromise Linux servers and mine for Monero.
Cryptomining attacks are frequently distributed by utilizing common cybersecurity flaws or by being concealed inside cracked software downloads.
One compromised system is unlikely to generate much profit from cryptomining malware, but attackers infect a vast network of compromised servers and computers to produce as much cryptocurrency as possible, with the related energy bill being unknowingly carried by the victim.
Because the affected user is unlikely to notice the decrease in system performance unless the machine is pushed to its limit, the attacks usually go unnoticed. Large networks of infected systems can thus generate a consistent income for threat actors, which is why this method has become a prevalent form of malware.
Remote Access Trojan (RAT)
Cryptojacking campaign comprises a remote access trojan (RAT) in its attacks – the reason why it stands out from other cyberthreat campaigns. Chaos RAT, a trojan malware is free and open source, and allows threat actors to take charge of any operating system.
The RAT is downloaded with XMRig miner, which is utilized by threat actors in order to mine cryptocurrency, comprising of a shell script which is used to eliminate competing miners that could have previously been set up on the system.
Chaos RAT has a variety of potent functions, like the ability to download, upload and delete files, take screenshots, access file explorer, as well as open URLs.
In a blog post, written by Trend Micro researchers David Fisher and Oliveira, stated, “On the surface, the incorporation of a RAT into the infection routine of a cryptocurrency mining malware might seem relatively minor […] However, given the tool's array of functions and the fact that this evolution shows that cloud-based threat actors are still evolving their campaigns, it is important that both organizations and individuals stay extra vigilant when it comes to security.”
In order to secure networks and cloud services against cryptomining malware and numerous other cyberattacks, organizations are advised to employ generic best cybersecurity measures, such as timely patching and updating of software and applications, in order to mitigate the risks of vulnerability being exploited in the outdated versions.
