Attackers routinely exploit known security flaws to carry out their attacks, and that is exactly what a new botnet does: it scans the Internet for vulnerable systems and uses them to mine cryptocurrency on both Windows and Linux. The botnet is called Sysrv-hello and was first reported by Alibaba Cloud.
Sysrv-hello, a botnet that searches for vulnerabilities in Windows or Linux
Hidden cryptocurrency mining is a problem to be very aware of: a miner keeps the CPU at full load, which degrades performance, raises power consumption and can shorten the life of hardware components. It is a type of threat that has grown considerably in recent years with the rise of digital currencies.
At the end of the day, attackers are looking for ways to profit. They create new attack techniques, look for bugs they can exploit and ultimately infect victims' computers. With Sysrv-hello they sneak a mining payload onto both Windows and Linux systems. Specifically, it mines Monero, one of the most popular cryptocurrencies and the usual choice for covert mining because it can be mined on ordinary CPUs.
The botnet was first spotted in February 2021 but has been active since December 2020, and its activity rose sharply in March. It has since been updated so that a single binary both mines and automatically spreads the malware to other devices.
How does Sysrv-hello work? In essence it crawls the Internet looking for servers running software with known remote code execution flaws, exploits them, enrolls the compromised hosts in the botnet and starts mining Monero on them.
According to the researchers, the initial intrusions rely on remote code execution vulnerabilities in PHPUnit, Apache Solr, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts.
Once a server has been compromised, the malware moves laterally over SSH: it brute-forces logins and also reuses private SSH keys harvested from the infected server, so a single compromised host can open the door to every machine those keys can reach. Keys stored without a passphrase are the ones that make this trivial.
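The lateral-movement step above depends on finding private keys that can be used without a passphrase. The following audit script, an added example that is not part of the original article or of Alibaba Cloud's analysis, walks a directory tree, recognises legacy PEM and OpenSSH-format private keys, and reports which ones are passphrase protected. The OpenSSH check reads the cipher name stored in the key blob (a cipher of "none" means no passphrase). The sample key files it creates are constructed for the demonstration and are not real keys.

```python
"""Find SSH private keys an intruder could reuse from a compromised host.

Added example, not from the original article. Recognises PEM and OpenSSH
private keys and reports whether each is passphrase protected.
"""
import base64
import os
import struct
import tempfile

PEM_HEADERS = (
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN PRIVATE KEY-----",
)
PEM_ENCRYPTED_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
OPENSSH_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
OPENSSH_FOOTER = "-----END OPENSSH PRIVATE KEY-----"
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def openssh_cipher(text):
    """Return the cipher name from an openssh-key-v1 blob ("none" = no passphrase)."""
    body = text.split(OPENSSH_HEADER, 1)[1].split(OPENSSH_FOOTER, 1)[0]
    blob = base64.b64decode("".join(body.split()))
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    pos = len(OPENSSH_MAGIC)
    (length,) = struct.unpack(">I", blob[pos:pos + 4])  # first field: string ciphername
    pos += 4
    return blob[pos:pos + length].decode("ascii")


def classify_key(text):
    """Return (is_private_key, passphrase_protected) for a file's contents."""
    head = text.lstrip()
    if head.startswith(OPENSSH_HEADER):
        return True, openssh_cipher(text) != "none"
    if head.startswith(PEM_ENCRYPTED_HEADER):
        return True, True
    if head.startswith(PEM_HEADERS):
        # Legacy PEM keys mark encryption with a Proc-Type header line.
        return True, "Proc-Type: 4,ENCRYPTED" in text
    return False, False


def find_private_keys(root):
    """Walk root and return sorted [(path, passphrase_protected)] for every key found."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read(8192)  # headers sit at the top; no need to read huge files
            except OSError:
                continue
            is_key, protected = classify_key(text)
            if is_key:
                found.append((path, protected))
    return sorted(found)


def make_openssh_key(cipher):
    """Build a constructed OpenSSH key header blob for testing (not a usable key)."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    blob += struct.pack(">I", 4) + b"none" + struct.pack(">I", 0) + struct.pack(">I", 1)
    return f"{OPENSSH_HEADER}\n{base64.b64encode(blob).decode()}\n{OPENSSH_FOOTER}\n"


# Constructed samples: a legacy PEM key with and without passphrase encryption.
PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\n"
PEM_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,0A1B2C3D4E5F60718293A4B5C6D7E8F9\n\nMIIEpAIB...\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_FILES = {
    "id_rsa": PEM_PLAIN,
    "id_rsa_backup": PEM_ENCRYPTED,
    "id_ed25519": make_openssh_key("none"),
    "deploy_key": make_openssh_key("aes256-ctr"),
    "known_hosts": "example.com ssh-ed25519 AAAA...\n",  # not a private key
}


def audit_sample_tree():
    """Write the constructed samples into a temp .ssh dir and return [(name, protected)]."""
    with tempfile.TemporaryDirectory() as root:
        ssh = os.path.join(root, ".ssh")
        os.makedirs(ssh)
        for name, content in SAMPLE_FILES.items():
            with open(os.path.join(ssh, name), "w") as fh:
                fh.write(content)
        return [(os.path.basename(p), prot) for p, prot in find_private_keys(root)]


if __name__ == "__main__":
    for name, protected in audit_sample_tree():
        status = "passphrase-protected" if protected else "UNPROTECTED: reusable by an intruder"
        print(f"{name}: {status}")
```

Run it against a real root (for example `find_private_keys("/home")` and `/root`) after an incident to see what a harvester on that host would have picked up; any unprotected key should be rotated, and the hosts in its `authorized_keys` files treated as exposed.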
Six vulnerabilities account for most of the exploitation observed, all of them with patches available for years:
- Mongo Express RCE (CVE-2019-10758)
- Supervisor XML-RPC RCE (CVE-2017-11610)
- Saltstack RCE (CVE-2020-16846)
- Drupal Ajax RCE (CVE-2018-7600)
- ThinkPHP RCE (no CVE)
- XXL-JOB Unauth RCE (no CVE)
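Because the exploited bugs are old and well documented, their requests are easy to spot in web traffic. The following detector is an added example, not code from the article or from Alibaba Cloud. It assumes request records as JSON lines with method, uri and request body (the shape a WAF or a reverse proxy with body logging might emit), and its match patterns are assumptions drawn from the public advisories and proof-of-concept write-ups for each of the six bugs; the sample log is constructed for the demonstration. Note that two of the endpoints (SaltStack and XXL-JOB) share the path /run, so the body is what tells them apart and an access log without bodies cannot confirm either.

```python
"""Flag requests matching public exploit patterns for the six Sysrv-hello bugs.

Added example, not part of the original article. Input is JSON lines with
"method", "uri" and "body"; the patterns are assumptions based on the public
advisories and proof-of-concept write-ups for each vulnerability.
"""
import json
import re
from urllib.parse import unquote_plus, urlsplit

# A rule matches on the URL-decoded target (path?query) and, where the
# exploit lives in the POST body, on the decoded body as well.
RULES = [
    {"name": "Drupal Ajax RCE", "cve": "CVE-2018-7600", "method": None,
     "target": r"/user/register\?.*element_parents=account/mail/.*ajax_form=1", "body": None},
    {"name": "ThinkPHP invokefunction RCE", "cve": None, "method": None,
     "target": r"\\think\\\w+/invokefunction", "body": None},
    {"name": "Supervisor XML-RPC RCE", "cve": "CVE-2017-11610", "method": "POST",
     "target": r"/RPC2(\?|$)", "body": r"supervisor\.supervisord\.options"},
    {"name": "SaltStack salt-api shell injection", "cve": "CVE-2020-16846", "method": "POST",
     "target": r"/run(\?|$)", "body": r"ssh_priv[^&,}]*[|;`$]"},   # shell metachars in ssh_priv
    {"name": "Mongo Express checkValid RCE", "cve": "CVE-2019-10758", "method": "POST",
     "target": r"/checkValid(\?|$)", "body": r"document=.*(process\b|require\(|child_process)"},
    {"name": "XXL-JOB executor unauth RCE", "cve": None, "method": "POST",
     "target": r"/run(\?|$)",
     "body": r'"glueType"\s*:\s*"GLUE_(SHELL|PYTHON|PHP|NODEJS|POWERSHELL)"'},
]


def parse_record(line):
    """Return (method, decoded target, decoded body) from one JSON log line."""
    rec = json.loads(line)
    parts = urlsplit(rec.get("uri", ""))
    target = unquote_plus(parts.path)
    if parts.query:
        target += "?" + unquote_plus(parts.query)
    return rec.get("method", "").upper(), target, unquote_plus(rec.get("body", ""))


def match_rules(method, target, body):
    """Return the rules whose method, target and body constraints all match."""
    hits = []
    for rule in RULES:
        if rule["method"] and rule["method"] != method:
            continue
        if not re.search(rule["target"], target):
            continue
        if rule["body"] and not re.search(rule["body"], body, re.S):
            continue
        hits.append(rule)
    return hits


def scan_log(text):
    """Return [(line_no, rule name, cve)] for every non-blank line that matches a rule."""
    findings = []
    for n, line in enumerate((l for l in text.splitlines() if l.strip()), start=1):
        try:
            method, target, body = parse_record(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        for rule in match_rules(method, target, body):
            findings.append((n, rule["name"], rule["cve"]))
    return findings


# Constructed sample log: six exploit attempts followed by two benign requests.
SAMPLE_LOG = r'''
{"ip":"203.0.113.5","method":"POST","uri":"/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax","body":"form_id=user_register_form&_drupal_ajax=1"}
{"ip":"203.0.113.5","method":"GET","uri":"/index.php?s=/index/\\think\\app/invokefunction&function=phpinfo&vars[0]=-1","body":""}
{"ip":"203.0.113.9","method":"POST","uri":"/RPC2","body":"<?xml version=\"1.0\"?><methodCall><methodName>supervisor.supervisord.options.warnings.linecache.os.system</methodName><params><param><string>id</string></param></params></methodCall>"}
{"ip":"203.0.113.9","method":"POST","uri":"/run","body":"{\"client\":\"ssh\",\"tgt\":\"*\",\"fun\":\"a\",\"roster\":\"x\",\"ssh_priv\":\"aaa|id>/tmp/out\"}"}
{"ip":"203.0.113.9","method":"POST","uri":"/run","body":"{\"jobId\":1,\"executorHandler\":\"\",\"glueType\":\"GLUE_SHELL\",\"glueSource\":\"echo probe\",\"glueUpdatetime\":1}"}
{"ip":"203.0.113.9","method":"POST","uri":"/checkValid","body":"document=this.constructor.constructor('return process')().pid"}
{"ip":"198.51.100.7","method":"POST","uri":"/run","body":"{\"client\":\"local\",\"tgt\":\"*\",\"fun\":\"test.ping\"}"}
{"ip":"198.51.100.7","method":"GET","uri":"/user/register","body":""}
'''

if __name__ == "__main__":
    for line_no, name, cve in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {name} ({cve or 'no CVE'})")
```

A hit is a signal to check the targeted application's version and patch level, not proof of compromise; the reverse also holds, since a host that was exploited before body logging was enabled leaves nothing here, which is why the patch level matters more than the detection.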
How to protect ourselves from cryptocurrency mining malware?
We have seen how this botnet infects Windows and Linux systems to mine cryptocurrency. Similar threats that hijack our computers for the same purpose will keep appearing, so avoiding botnet infections is something we must keep in mind.
Without doubt the most important measure is to keep systems patched. Sysrv-hello only gets in through vulnerable, unpatched software, and every bug it exploits has had a fix available for years, so the main advice is to always keep computers and the server software they run (web frameworks, CMSs, orchestration and job-scheduling tools) up to date, whatever the operating system.
It is also important to run security software. A good antivirus or endpoint protection product can block many varieties of malicious software that could compromise us, on any operating system. On servers, an unexplained and sustained CPU load, or an unfamiliar process consuming it, is the most obvious sign of a miner and deserves investigation.
Common sense is the other fundamental piece. We must avoid mistakes that attackers can exploit and that put our computers at risk: downloading programs from third-party sites without verifying they are legitimate, opening attachments that could be dangerous, or logging on to an insecure network.