Linux malware “perfctl” behind years-long cryptomining campaign

October 3, 2024 at 10:39AM Summary: The Linux malware “perfctl” has evaded detection for at least three years, targeting servers for cryptomining purposes. It exploits misconfigurations and known vulnerabilities to gain initial access, deploys rootkits for evasion, and communicates with threat actors over TOR. Aqua Nautilus offers detection and mitigation strategies to combat perfctl’s activities. … Read more

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

January 12, 2024 at 03:09AM Cybersecurity researchers have discovered a new attack using misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners and conceal them with rootkits. The attackers exploit flaws to run remote code on targeted systems and hide mining processes. Mitigations include deploying agent-based security solutions to detect and prevent such attacks. … Read more

Rootkit Turns Kubernetes From Orchestration to Subversion

November 22, 2023 at 11:26AM Kubernetes, a popular orchestration platform for containerized software environments, has become a target for attackers. While most attacks have focused on stealing cloud compute resources for cryptocurrency mining, security researchers warn that rootkit infections could give attackers greater control over Kubernetes clusters. These rootkits can hide malicious containers and perform … Read more

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

November 21, 2023 at 05:12AM Kinsing threat actors are using a critical security flaw in Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. The malware deploys a cryptocurrency mining script that utilizes the host’s resources, causing damage to infrastructure and system performance. The group adapts to new vulnerabilities and targets misconfigured … Read more