Stealthy Cryptomining Campaign: How Hackers Turned Ordinary Websites into Malware Havens
VulnCheck uncovered a cryptomining campaign using the Linuxsys miner, active since 2021. By planting malware on compromised legitimate websites, attackers cleverly dodge security filters. Their strategy is sneakier than a ninja in a library, keeping their infrastructure hidden while mining away.

Hot Take:
Who knew that while we were busy arguing whether pineapple belongs on pizza, hackers were secretly cooking up a cryptocurrency buffet right under our noses? This cryptomining campaign is like a digital ninja, stealthily using legitimate websites as its nunchucks. I guess the lesson here is, trust no one, not even your favorite cat meme site!

Key Points:
- A cryptomining campaign built around the Linuxsys miner has been active since 2021, using compromised legitimate websites to host its malware.
- The attacker bypasses security filters by planting malware on sites with valid SSL certificates.
- VulnCheck identified exploit attempts linked to the CVE-2021-41773 vulnerability.
- The attack uses a script, linux.sh, to download malware from five compromised websites.
- Indicators of compromise include specific IPs, URLs, and file hashes, with detection rules provided by VulnCheck.