Trend Micro, a Japanese company specializing in cryptographic security, published a report on its website claiming to have found malware that affects Linux systems.
The company found the hidden KORKERDS activity affecting Linux users extremely suspicious and opened an investigation, in which it detected malware later named Coinminer.Linux.KORKERDS.AB and its rootkit component, Rootkit.Linux.KORKERDS.AA. The infection path will be investigated very soon; there is already some information that the malware can be installed on a computer through a plug-in or downloaded software. Further technical aspects are described in the report.
The company explains:
"This makes detection difficult because the infected systems will only report performance problems, and the malware can update and update itself and its configuration file."
It is worth mentioning that operating systems such as Mac OS and Linux are considered immensely secure, so it is difficult to install any file without the user's consent. The malicious mining software appears to arrive as an integrated plug-in, for which the user grants administrator consent to install.
Trend Micro has provided some indicators of compromise (IoCs) to help users avoid being affected: (Editor's note: an indicator of compromise (IoC) is an artifact observed on a network or in an operating system that indicates a computer intrusion with high confidence. Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. Source: https://en.wikipedia.org/ )
Related hashes (SHA-256):
- cdd921a5de5d5fffc51f8c9140afa9d23f3736e591fce3f2a1b959d02ab4275e (Trojan.Linux.DLOADER.THAOOAAK)
- baf93d22c9d1ae6954942704928aeeacbf55f22c800501abcdbacfbb3b2ddedf (Coinminer.Linux.KORKERDS.AB)
- 0179fd8449095ac2968d50c23d37f11498cc7b5b66b94c03b7671109f78e5772 (Coinminer.Linux.KORKERDS.AA)
- 023c1094fb0e46d13e4b1f81f1b80354daa0762640cb73b5fdf5d35fcc697960 (Rootkit.Linux.KORKERDS.AA)
Related malicious URL:
- hxxps://Monero[.]minerxmr[.]ru/1/1535595427x-1404817712[.]jpg
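The following Python example is added here and is not from Trend Micro's report or this article: it checks the files under a directory against the SHA-256 values listed above and searches log lines for the host in the listed URL. The function names are assumptions made for illustration, and exact-host matching (no subdomains) is a design choice of the example.

```python
import hashlib
import os
import re

# SHA-256 IoCs as listed on this page, mapped to their detection names.
KORKERDS_HASHES = {
    "cdd921a5de5d5fffc51f8c9140afa9d23f3736e591fce3f2a1b959d02ab4275e": "Trojan.Linux.DLOADER.THAOOAAK",
    "baf93d22c9d1ae6954942704928aeeacbf55f22c800501abcdbacfbb3b2ddedf": "Coinminer.Linux.KORKERDS.AB",
    "0179fd8449095ac2968d50c23d37f11498cc7b5b66b94c03b7671109f78e5772": "Coinminer.Linux.KORKERDS.AA",
    "023c1094fb0e46d13e4b1f81f1b80354daa0762640cb73b5fdf5d35fcc697960": "Rootkit.Linux.KORKERDS.AA",
}
# Host part of the defanged URL listed on this page.
DEFANGED_HOST = "Monero[.]minerxmr[.]ru"


def refang_host(defanged):
    """Turn a defanged host ('a[.]b') into a lower-case hostname for matching."""
    return defanged.replace("[.]", ".").strip().lower()


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root, iocs=KORKERDS_HASHES):
    """Return [(path, detection_name)] for regular files whose hash is an IoC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, FIFOs and device nodes
            try:
                verdict = iocs.get(sha256_file(path))
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            if verdict:
                hits.append((path, verdict))
    return hits


def scan_log_lines(lines, host=DEFANGED_HOST):
    """Return log lines naming the IoC host exactly (not as part of another name)."""
    pattern = re.compile(r"(?<![\w.-])" + re.escape(refang_host(host)) + r"(?!\.?[\w-])", re.I)
    return [line for line in lines if pattern.search(line)]
```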
We want to remind you that however safe you believe your computer to be, it could still be affected by professional cryptohackers. So if you find suspicious files or plugins, read the following article or consult the service center.
What is hidden mining, why is it dangerous, and how do you get rid of the virus?