If you don’t know how to protect a PC from Sysrv-hello, we are going to help you out. It is a new botnet that mines cryptocurrencies on Windows and Linux without your knowledge. Hackers often take advantage of security flaws in computers to carry out their attacks, and this botnet is no exception: it scans for vulnerabilities it can use to get onto a system. It is called Sysrv-hello and was discovered by Alibaba Cloud.
Sysrv-hello is a botnet that searches for vulnerabilities in Windows or Linux
Hidden cryptocurrency mining is a serious threat that we should be very attentive to. It can cause performance issues on our PC and damage our hardware components. It is a type of threat that has increased considerably in recent years due to the rise of cryptocurrency mining.
At the end of the day, hackers are looking for ways to profit. They create new attack techniques, look for bugs they can exploit, and ultimately infect victims’ computers. With Sysrv-hello they manage to sneak a cryptocurrency-mining botnet onto both Windows and Linux systems. Specifically, it mines Monero, one of the most popular cryptocurrencies.
This botnet was first discovered in February but has been active since December 2020. It has now been updated to use a single binary capable of mining and of automatically spreading the malware to other devices.
According to security researchers, it relies on remote code execution vulnerabilities in PHPUnit, Apache Solr, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts.
It should be noted that once it has successfully compromised a server, this malware is able to spread across the network through brute force attacks using private SSH keys it collects from infected servers.
There have been mainly six exploited vulnerabilities:
- Mongo Express RCE (CVE-2019-10758)
- XML-RPC (CVE-2017-11610)
- Saltstack RCE (CVE-2020-16846)
- Drupal Ajax RCE (CVE-2018-7600)
- ThinkPHP RCE (no CVE)
- XXL-JOB Unauth RCE (no CVE)
How to protect a PC against cryptocurrency mining?
We have seen how this new botnet is able to infect Windows or Linux systems to carry out its attacks and mine cryptocurrencies. However, we can come across similar threats that can take advantage of our computers to achieve their goal. Avoiding botnet attacks is really important.
Undoubtedly the most important thing to avoid falling victim to this problem is to keep your equipment updated. The main advice is to always keep your computers up to date, no matter what operating system you are using.
It is also going to be important to have security programs. A good antivirus can help prevent many varieties of malicious software. It is essential to use antivirus no matter what operating system we are using.
Another fundamental issue is common sense. We must avoid making mistakes that can be exploited by hackers and put our computers at risk. For example, it would be a mistake to download programs from third-party sites without verifying whether they are secure or not. Always be careful when downloading email attachments. Also, connecting to unknown Wi-Fi networks might cause irreversible issues.