The latest news places Monero (XMR) in the hacking spotlight again.
The Outlaw group is currently conducting an active campaign which targets Linux systems in crypto mining attacks, reports ZDNet.
The JASK Special Ops research team has revealed more details of the attack, which appears to be focused on seizing infrastructure resources to support illicit Monero (XMR) mining.
Using a refined Shellbot version
The campaign appears to use a sophisticated variant of Shellbot, a Trojan that carves a tunnel between an infected system and a command-and-control (C2) server operated by the hackers.
ZDNet reveals that the backdoor is able to collect system and personal data, terminate or run tasks and processes, download payloads, open remote command line shells and more.
“The bot first emerged in November 2018. According to Trend Micro, the malware is the work of the Outlaw group, a rough translation derived from ‘haiduc,’ a Romanian phrase which has been bequeathed to the main hacking tool the group uses,” they write.
Shellbot is an IRC bot that is distributed by exploiting common command injection vulnerabilities and targets Linux servers as well as various IoT devices.
It can reportedly affect Windows environments and Android devices as well.
“The C2 is still active, and the botnet is growing,” the security researchers say.
They go on to explain: “The multistage payloads suggest reuse and repurpose of shellbot code used by operators in different regions of the world, including Brazil and Romania. JASK also has observed newly adapted payloads that craft specific mining tasks for different architectures and post exploitation worm-like behavior.”
Mining Monero has become a favorite among hackers because, among other reasons, they have access to a large number of computers.
Monero has become a widely used form of money in the criminal world, which means that those mining XMR can trade it for other goods and services on the crypto market.