Larry Cashdollar, a researcher from Akamai SIRT, has said that he noticed a miner that formerly hit only Arm-powered IoT devices now targeting Intel systems.

The researcher revealed that one of his honeypots was hit by this IoT malware, which targets Intel machines running Linux.

“I suspect it’s probably a derivate of other IoT crypto mining botnets,” Cashdollar said. “This one seems to target enterprise systems.”

The expert explained that the XMR cryptominer was enhanced for Intel x86 (either 32-bit or 64-bit architecture) and Intel 686 processors.

“The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib. I thought it would be required to run the binaries in the tarball, but the binaries are compiled statically, so the libraries are extraneous,” wrote Cashdollar.

“Each directory contains a variation of the XMrig v2.14.1 cryptocurrency miner in either x86 32bit or 64bit format,” continues the expert. “Some of the binaries are named after common Unix utilities, like ps, in an attempt to blend into a normal process list.”
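A defender can check for the disguise described above by comparing each process name with the path of the executable behind it. The following is an added example, not code from Akamai or from the article; the list of watched names, the trusted directories, and the sample records are assumptions constructed for illustration.

```python
import os

# Assumption: directories where distribution-packaged utilities normally live.
TRUSTED_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/")
# Assumption: utility names worth watching; the article names only "ps".
WATCHED_NAMES = {"ps", "ls", "top", "cron", "sshd", "bash", "sh"}


def classify(comm, exe):
    """Return a reason string if the process looks like a disguised binary, else None."""
    if comm not in WATCHED_NAMES:
        return None
    if exe.endswith(" (deleted)"):
        return "executable deleted from disk while running"
    if not exe.startswith(TRUSTED_DIRS):
        return "utility name running from untrusted path"
    return None


def find_masquerading(procs):
    """procs: iterable of (pid, comm, exe). Returns [(pid, comm, exe, reason), ...]."""
    hits = []
    for pid, comm, exe in procs:
        reason = classify(comm, exe)
        if reason:
            hits.append((pid, comm, exe, reason))
    return hits


def read_proc(root="/proc"):
    """Yield (pid, comm, exe) for live Linux processes; run as root to see all of them."""
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(root, entry, "comm")) as fh:
                comm = fh.read().strip()
            exe = os.readlink(os.path.join(root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        yield int(entry), comm, exe


# Constructed sample records (not taken from the honeypot data).
SAMPLE = [(101, "ps", "/usr/bin/ps"), (202, "ps", "/tmp/demo/ps"),
          (303, "sshd", "/usr/sbin/sshd"), (404, "top", "/var/tmp/top (deleted)"),
          (505, "nginx", "/opt/nginx/sbin/nginx")]

if __name__ == "__main__":
    for hit in find_masquerading(read_proc() if os.path.isdir("/proc/1") else SAMPLE):
        print(hit)
```

A hit is a lead for triage rather than proof of compromise, since administrators sometimes install their own builds of these tools outside the listed directories.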

The attack comes from groups of compromised systems in the Americas, Asia, and Europe.

“Criminals will continue to monetize unsecured resources in any way they can. System administrators need to employ security best practices with the systems they manage,” Cashdollar concludes. “Unsecured services with unpatched vulnerabilities or weak passwords are prime targets for exploitation and abuse. Strong passwords, a vulnerability remediation plan, and two factors of authentication can go a long way to keep systems secure from the most basic and common attacks.”
