Cyber security specialists from companies Check Point, Ixia and Certego found that more than 700 servers on Windows and Linux infected by malicious software RubyMiner used for covert mining of cryptocurrency. The first attack was noticed last week, but the mass nature of the epidemic has changed only recently.
Nonetheless, cyber security experts believe that the hackers only started to deploy their massive activities, this means that in the future may be subject to attack more servers.
As the miner works on servers running Windows and Linux, hackers use to determine the type of server software tool p0f. If old, then cracks start special exploits that infect the server with malicious miner, mining the cryptocurrency at the expense of foreign powers without the knowledge of their owners.
Under Linux code exploit erases all the tasks and sets new: every hour from a specific resource on the server injected the script that installs the software for mining. In some cases after attacks on servers is PyCryptoMiner. Sometimes the attackers are attacking and Oracle WebLogic server for mining cryptocurrency.
The scale is small: wallets, which are connected to RubyMiner contain cryptocurrency only $ 540, but hackers attacking servers WebLogic, several months are mined several hundred thousand dollars.
Our telegram chat about cryptocurrencies.
Telegram chat about iron and mining.
Servers on Linux and Windows massively affects virus-miner
Vyacheslav Larionov