Tuesday, July 27 2021

Unusual hidden miner detected on Linux

Yesterday at 21:33


The new miner can be a threat to ordinary Linux users, not just servers.

Photo: pixabay.com


Cybersecurity analysts at the Japanese company Trend Micro have discovered a cryptocurrency miner, KORKERDS, that exhibits some atypical behavior. This is reported on the company's website.

Researchers have not yet determined exactly how the threat spreads. Most likely, however, the download takes place after some software has been installed or through a security vulnerability.


The researchers assigned the identifier Coinminer.Linux.KORKERDS.AB to the miner, which mines the Monero (XMR) cryptocurrency. Notably, it comes with a second component: a rootkit that "hides" the mining process from monitoring tools (Rootkit.Linux.KORKERDS.AA).


After the hidden miner starts running on the system, the CPU load rises to 100%. However, it is not easy for the user to find out why. The situation is complicated by the rootkit, which hooks the readdir and readdir64 APIs of the libc library. Once the normal library file is overwritten, readdir is replaced with a fake version.


The malicious version of readdir is used to hide the mining process (kworkerds). After that, even though the processor load points to suspicious activity, it is much more difficult to identify the miner.
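The hook described above lives in userland libc, so a process it hides is still returned by the kernel. The following C program is an added example, not code from the article or from Trend Micro: it lists /proc once through readdir() and once through the raw getdents64 syscall, then reports PIDs that only the kernel shows. The function names are chosen here for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Kernel linux_dirent64 record layout, as filled in by getdents64(2). */
struct kdirent64 { unsigned long long ino; long long off; unsigned short reclen; unsigned char type; char name[]; };
/* PID for an all-digit entry name, -1 for any other name. */
static long pid_of(const char *s) { char *e; long p = strtol(s, &e, 10); return (*s >= '0' && *s <= '9' && !*e) ? p : -1; }

/* PIDs as libc readdir() reports them: the view a userland hook can filter. */
int pids_libc(const char *dir, long *out, int max) {
    DIR *d = opendir(dir); struct dirent *e; int n = 0;
    if (!d) return -1;
    while (n < max && (e = readdir(d))) if (pid_of(e->d_name) >= 0) out[n++] = pid_of(e->d_name);
    closedir(d);
    return n;
}

/* PIDs read with the raw getdents64 syscall, bypassing the libc wrappers. */
int pids_raw(const char *dir, long *out, int max) {
    _Alignas(8) char buf[32768]; long len, p; int n = 0, fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    while ((len = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0)
        for (long off = 0; off < len; off += ((struct kdirent64 *)(buf + off))->reclen)
            if (n < max && (p = pid_of(((struct kdirent64 *)(buf + off))->name)) >= 0) out[n++] = p;
    close(fd);
    return n;
}

/* Copy into out[] every PID in a[] that is absent from b[]; return the count. */
int missing_from(const long *a, int na, const long *b, int nb, long *out) {
    int k = 0, j;
    for (int i = 0; i < na; i++) {
        for (j = 0; j < nb && b[j] != a[i]; j++) ;
        if (j == nb) out[k++] = a[i];
    }
    return k;
}

int main(void) {
    static long raw[65536], lc[65536], hid[65536];
    int nl = pids_libc("/proc", lc, 65536), nr = pids_raw("/proc", raw, 65536);
    int nh = (nl < 0 || nr < 0) ? -1 : missing_from(raw, nr, lc, nl, hid);
    for (int i = 0; i < nh; i++) printf("PID %ld: listed by the kernel, absent from readdir()\n", hid[i]);
    return nh != 0;
}
```

Build it dynamically linked (the compiler default) so that pids_libc goes through the same libc the monitoring tools use. A process that starts between the two listings can be reported once, so rerun to confirm a finding.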

According to the researchers, the new miner can be a threat not only to servers but also to ordinary Linux users.

Recall that a mining farm with an area of 2500 square meters was launched in Canada. The project was supported by the local government.

We also wrote that Armenia opened the world's largest data center with three thousand mining machines. Investors invested $50 million in the mining project.

By the way, the legalization of Bitcoin and other cryptocurrencies is coming in Ukraine. The concepts of "mining" and "coin" will be specified at the legislative level.

Earlier, the NBU refused to recognize Bitcoin as a currency. Cryptocurrencies, according to the National Bank, are also not a means of payment. "World regulators are not worried about any threat from cryptocurrencies because of their small volume; they are worried only that people can lose their money, and about fraud," the vice president of the NBU, Oleg Chury, said at the time.
