Near-‘perfctl’ Fileless Malware Targets Millions of Linux Servers

October 3, 2024 at 11:01AM

A potent and elusive Linux malware, “perfctl,” has been wreaking havoc worldwide for years, targeting millions of servers and compromising thousands. It utilizes a plethora of exploits to gain initial access, and its ambitions expand beyond cryptomining and proxyjacking. Recommendations for mitigating this threat include patching vulnerabilities, restricting file execution, …

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

October 3, 2024 at 10:45AM

Linux servers are under attack by a persistent campaign delivering perfctl malware, aiming to run a cryptocurrency miner and proxyjacking software. The elusive and stealthy malware employs sophisticated techniques including exploiting a security flaw in Polkit. It’s recommended to keep systems updated, restrict file execution, and enforce network segmentation to …

Linux malware “perfctl” behind years-long cryptomining campaign

October 3, 2024 at 10:39AM

Summary: The Linux malware “perfctl” has evaded detection for at least three years, targeting servers for cryptomining purposes. It exploits misconfigurations and known vulnerabilities to gain initial access, deploys rootkits for evasion, and communicates with threat actors over TOR. Aqua Nautilus offers detection and mitigation strategies to combat perfctl’s activities. …

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

May 15, 2024 at 07:06AM

Ebury, a sophisticated malware botnet, has compromised 400,000 Linux servers since 2009, with over 100,000 still affected as of late 2023. It is employed for various nefarious activities such as spam distribution, web traffic redirection, and credential theft, as well as cryptocurrency heists and credit card stealing. The threat actors …

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

March 28, 2024 at 01:51PM

A Linux version of the multi-platform backdoor DinodasRAT has been detected by Kaspersky, targeting regions including China, Taiwan, Turkey, and Uzbekistan. It is a C++-based malware capable of harvesting sensitive data and is attributed to various China-nexus threat actors. The backdoor is designed to gain and maintain access via Linux …

New Migo malware disables protection features on Redis servers

February 20, 2024 at 02:44PM

Researchers discovered a new malware campaign targeting Linux-based Redis servers, using a piece of malware called ‘Migo’ to mine for cryptocurrency. Migo disables key security features of Redis, allowing attackers to run cryptojacking activities. It also establishes persistence for a Monero miner, uses a rootkit for concealment, and manipulates system …