The rootkit, which is designed to mask the cryptocurrency miner's activities, is dropped in a code format which is then compiled in GCC. This malware drops the "khugepageds" cryptocurrency miner - flagged as - alongside the rootkit component. This script contains kill process capabilities and is able to download and execute a second shell script, again from a Pastebin source, eventually leading to a third Pastebin shell script download. A Trojan dropper, known as Kerberods, is then fetched and installed. The infection chain begins with a remote command which is sent to fetch a shell script from Pastebin. The researchers, Augusto Remillano II and Robert Malagad, say that CVE-2019-3396 was previously being used to drop the Gandcrab ransomware, and now, the bug is also being utilized to drop rootkits and cryptocurrency mining malware onto vulnerable systems. However, it seems that unpatched Confluence systems are being widely exploited in the new campaign, which focuses on mining Monero.