Beware Of Malware Shellbot’s Cryptojacking Attempts

The news that the crypto industry lost close to $1.2 billion to hacks in Q1 was daunting. It exposed how vulnerable the entire industry still is to breaches and outside attacks.

In line with that, the popular cryptojacking malware known as Shellbot seems to have transformed into a more powerful, modified version after receiving a major update.

These reports are based on the research findings of Boston-based cybersecurity firm Threat Stack. They compared the original malware, which was first discovered in 2005, with the new version that is a threat today.

Threat Stack claims that the original Shellbot was capable of extracting the credentials of SSH remote access services on Linux servers that were protected by weak passwords. After that, the malware mined the privacy-focused cryptocurrency monero (XMR).

The new and modified version of the Shellbot malware is more than capable of spreading through an infected network, and it will invariably shut down other miners running on the same machines.

Sam Bisbee, chief security officer at Threat Stack, said that:

They are fully capable of using this malware to exfiltrate, ransom, or destroy data.

Threat Stack first discovered the new version of the malware on the Linux server of an unspecified United States company. According to the researchers, there are three components involved in the distribution of this malware. They also found the script used to install it.

According to them, the command and control server of the malware is an Internet Relay Chat (IRC) server, which can be used by the attackers to deliver commands and check the status of an infected server.
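A defender can look for the two behaviours described above, password logins over SSH that follow a run of failed guesses and connections to IRC servers, in ordinary host data. The following is an added example, not code from Threat Stack or from the malware; the log lines, `ss -tn`-style rows, addresses, function names and the failure threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (documentation-range IPs), not taken from the report.
AUTH_LOG = """\
Mar  3 02:11:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:03 web1 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  3 02:11:05 web1 sshd[4105]: Failed password for root from 203.0.113.7 port 40121 ssh2
Mar  3 02:11:08 web1 sshd[4109]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Mar  3 09:30:12 web1 sshd[5200]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 09:30:20 web1 sshd[5202]: Accepted password for alice from 198.51.100.20 port 51516 ssh2
Mar  3 10:02:44 web1 sshd[5300]: Accepted publickey for deploy from 192.0.2.15 port 60022 ssh2
""".splitlines()
# Constructed `ss -tn`-style rows: state, recv-q, send-q, local, peer.
CONNS = """\
ESTAB 0 0 10.0.0.5:22 198.51.100.20:51516
ESTAB 0 0 10.0.0.5:48822 203.0.113.50:6667
ESTAB 0 0 10.0.0.5:51000 192.0.2.80:443
""".splitlines()
SSHD = re.compile(r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+")
IRC_PORTS = {6667, 6697}  # conventional IRC ports (assumption); a C2 server may use any port

def guessed_logins(lines, threshold=3):
    """Return (ip, user, failures) for password logins preceded by >= threshold failures
    from the same IP. Simplification: failures are counted without a time window."""
    failures = defaultdict(int)
    hits = []
    for line in lines:
        m = SSHD.search(line)
        if not m:
            continue
        outcome, method, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1
        elif method == "password":
            if failures[ip] >= threshold:
                hits.append((ip, user, failures[ip]))
            failures[ip] = 0  # a successful login starts a fresh count for this source
    return hits

def irc_peers(rows, ports=IRC_PORTS):
    """Return peer endpoints of established connections on conventional IRC ports."""
    peers = []
    for row in rows:
        fields = row.split()
        if len(fields) == 5 and fields[0] == "ESTAB":
            port = fields[4].rpartition(":")[2]
            if port.isdigit() and int(port) in ports:
                peers.append(fields[4])
    return peers
```

On the constructed data, `guessed_logins(AUTH_LOG)` flags the root login from 203.0.113.7 and `irc_peers(CONNS)` flags the connection to port 6667; a server that has no business talking IRC makes the second signal worth alerting on by itself.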

The threat is definitely becoming severe as the malware gets more greedy. According to current reports, it was making about $300 a day. This figure can only increase in the days to come, so people need to exercise more caution.