Cryptomining Malware Uses Rootkit to Hide on Infected Linux Systems

A new cryptocurrency mining malware strain targeting Linux computers and capable of obfuscating itself from both the user and process monitoring tools using a rootkit has been discovered by a team of Trend Micro security researchers.

Because there is no apparent way through which the cryptomining malware manages to compromise and infect the Linux boxes, Trend Micro's researchers think that the bad actors behind this malware strain have been able to compromise a legitimate app and use it to install their malicious tools on targets' computers.

"We construe that this cryptocurrency-mining malware’s infection vector is a malicious, third-party/unofficial or compromised plugin (i.e., media-streaming software)," says Trend Micro's report.

"Installing one entails granting it admin rights, and in the case of compromised applications, malware can run with the privileges granted to the application. It’s not an uncommon vector, as other Linux cryptocurrency-mining malware .

No comments:

Post a Comment