
Misconfigured Cloud Servers Targeted with Linux Malware for New Cryptojacking Campaign


Researchers at Cado Security Labs received an alert about a honeypot using the Docker Engine API. "A Docker command was received..." they write, "that spawned a new container, based on Alpine Linux, and created a bind mount for the underlying honeypot server's root directory..." Typically, this is ...
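A defensive audit for the pattern described above, a container created with a bind mount of the host's root directory. This is an added example, not code from Cado's report: it reads data in the shape of `docker inspect` output, the sample containers are constructed, and the sensitive paths other than `/` are an assumption that generalizes the case in the text.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from the report).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"Image": "nginx:stable"},
   "HostConfig": {"Binds": ["/srv/site:/usr/share/nginx/html:ro"]},
   "Mounts": [{"Type": "bind", "Source": "/srv/site",
               "Destination": "/usr/share/nginx/html", "RW": false}]},
  {"Name": "/unexpected", "Config": {"Image": "alpine"},
   "HostConfig": {"Binds": ["/:/mnt"]},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt", "RW": true}]},
  {"Name": "/agent", "Config": {"Image": "example/agent"},
   "HostConfig": {"Binds": null},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock", "RW": true}]}
]
""")

# Assumed list: host paths whose exposure hands a container control of the host.
SENSITIVE_SOURCES = {"/", "/etc", "/root", "/var/run/docker.sock"}

def normalize(path):
    """Collapse trailing slashes so '/etc/' and '/etc' compare equal."""
    return path.rstrip("/") or "/"

def bind_sources(container):
    """Yield (source, destination, writable) for every bind mount."""
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind":
            yield normalize(m["Source"]), m["Destination"], bool(m.get("RW"))
    # HostConfig.Binds is the creation-time request; check it in case Mounts is absent.
    for spec in (container.get("HostConfig") or {}).get("Binds") or []:
        parts = spec.split(":")
        if len(parts) >= 2 and parts[0].startswith("/"):
            opts = parts[2].split(",") if len(parts) > 2 else []
            yield normalize(parts[0]), parts[1], "ro" not in opts

def audit(containers):
    """Return sorted, de-duplicated findings for sensitive host bind mounts."""
    findings = set()
    for c in containers:
        for src, dst, rw in bind_sources(c):
            if src in SENSITIVE_SOURCES:
                findings.add((c["Name"].lstrip("/"), c["Config"]["Image"], src, dst, rw))
    return sorted(findings)

if __name__ == "__main__":
    for name, image, src, dst, rw in audit(SAMPLE_INSPECT):
        print(f"{name} ({image}): host {src} -> {dst} ({'rw' if rw else 'ro'})")
```

On a live host, the same `audit` function can be fed the parsed JSON from `docker inspect $(docker ps -aq)`.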

The vurl executable consists solely of a simple shell script function, used to establish a TCP connection with the attacker's Command and Control (C2) infrastructure via the /dev/tcp device file. Citing Cado's researchers, they write that the shell script also "weakens the machine by disabling SELinux and other functions and by uninstalling monitoring agents." "This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers," Cado notes.
