Nasty New Linux Crypto Malware Compromises Root, Launches DDoS Attacks

With the value of Bitcoin once again experiencing a big drop this past week, you may begin to think that malware developers would begin shifting focus elsewhere. Unfortunately, that's far from being the case. Even if crypto seems to have modest value, that value becomes substantial when you multiply it by every infected machine; it really is easy money for attackers.

In case we needed a reminder that Linux is in fact susceptible to viruses, this latest malware targets that platform specifically. Ultimately, two vulnerabilities need to be exploited (CVE-2016-5195 and CVE-2013-2094) to gain root access, and in effect, full control over the system.

Once access is gained to the system, a large 1,000-line shell script is run to find a writable folder on the system, which will be used as a dumping spot for updates and any kind of files it might need to pull (such as the nohup utility if it is not already installed).

As much of a nuisance as this malware is, it does have a few humorous aspects. The first is that one of its initial actions is to scan the system and kill off any rival malware. It then downloads DDoS malware dubbed "Bill Gates" (remember, this is Linux malware) and attempts to kill off any antivirus interference.

The malware has other potentially disastrous abilities, which you would expect from a script that has full control over the system. Fortunately, Dr.Web, the antivirus company behind the "Linux.BtcMine.174" discovery, appears to have a fix already in place with its solution - so if you happened to run it, you'd be able to cure your system of this malware disease. Other antivirus solutions are sure to follow suit soon.