
A new Linux malware developed using the shell script compiler (shc) has been observed deploying cryptocurrency miners on compromised systems.
In a report released today, the AhnLab Security Emergency Response Center (ASEC) said, “Various malware is believed to have been installed on the target system after successful authentication via a dictionary attack against an improperly managed Linux SSH server.”

shc allows you to convert shell scripts directly to binary, protecting against unauthorized source code modification. This is similar to the BAT2EXE utility in Windows used to convert batch files to executables.
In the attack chain detailed by the South Korean cybersecurity firm, shc downloader malware is deployed along with a Perl-based DDoS IRC bot after successfully compromising an SSH server.

The shc downloader then fetches the XMRig miner software to mine cryptocurrency. IRC bots establish connections with remote servers to fetch commands to launch distributed denial of service (DDoS) attacks.

“The bot supports DDoS attacks such as TCP floods, UDP floods, and HTTP floods, as well as command execution, reverse shell, port scanning, log deletion, and many other features,” ASEC researchers said.
The fact that all shc downloader artifacts were uploaded to VirusTotal from South Korea suggests that the campaign is primarily focused on poorly secured Linux SSH servers in South Korea.
To prevent brute force and dictionary attacks, users are encouraged to practice good password hygiene and rotate passwords regularly. We also recommend keeping your operating system up to date.
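
As an added example (not taken from the ASEC report or the original article), the sketch below shows one way a defender could spot the initial access described above in OpenSSH auth logs: a password login that is accepted right after a run of failed attempts from the same source address. The log lines, the documentation-range IP addresses and the threshold of five failures are constructed assumptions.

```python
import re
from collections import defaultdict

# OpenSSH auth-log lines for password logins (failed and accepted).
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_dictionary_logins(lines, min_failures=5):
    """Return one alert per password login that was accepted after at least
    min_failures failed attempts from the same IP (lines are in time order)."""
    failures = defaultdict(list)  # ip -> usernames rejected since last success
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # key-based logins, disconnects, other daemons
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
            continue
        if len(failures[ip]) >= min_failures:
            alerts.append({
                "ip": ip,
                "user": user,
                "failed_before": len(failures[ip]),
                "users_tried": sorted(set(failures[ip])),
            })
        failures[ip].clear()  # a success resets the counter for that source
    return alerts

# Constructed sample log: one guessing run that ends in a successful login,
# and one ordinary user who mistypes a password once.
SAMPLE_LOG = """\
Jan  3 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan  3 10:15:02 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Jan  3 10:15:03 web1 sshd[2105]: Failed password for invalid user oracle from 203.0.113.5 port 51238 ssh2
Jan  3 10:15:04 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan  3 10:15:05 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jan  3 10:15:06 web1 sshd[2111]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan  3 10:15:07 web1 sshd[2113]: Accepted password for root from 203.0.113.5 port 51246 ssh2
Jan  3 10:20:11 web1 sshd[2150]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jan  3 10:20:19 web1 sshd[2152]: Accepted password for alice from 198.51.100.7 port 40024 ssh2
Jan  3 10:25:40 web1 sshd[2170]: Accepted publickey for bob from 198.51.100.9 port 40100 ssh2
"""

if __name__ == "__main__":
    for alert in find_dictionary_logins(SAMPLE_LOG.splitlines()):
        print(alert)
```

An alert from this check means a guessed password worked, so the account should be treated as compromised rather than merely targeted.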