top of page

Hackers now Hijacking Linux Servers Through SambaCry Exploit to Mine Cryptocurrency

After the WannaCry ransomware attack, that had managed to haunt the users of outdated Windows OS, there is now a SambaCry attack, that is leveraged against Linux servers.

We all assume that the Linux systems are immune to viruses, malware or any other types of attacks. But, Linux systems are indeed attacked by malware – though not viruses. And the latest malware attack known as SambaCry seems to target only Linux servers. This might catch a lot of people by surprise, but,  there are always certain loopholes one can exploit with relative ease, and Linux is no exception.

A new malware named Linux.MulDrop.14 has managed to target the users with older versions of Rasbian OS – Raspberry users who haven’t changed the default passwords of their devices. The Linux Trojan, Linux.MulDrop.14 is a bash script that contains a cryptocurrency mining program, which is compressed using gzip and base 64 encryption.

After infecting the Raspberry Pi-powered devices, the cryptocurrency program is launched. Further, the bash script installs libraries needed for mining cryptocurrency. As this malware was uncovered close to WannaCry outbreak, it’s being termed as EternalRed or SambaCry.

According to the Secure List researchers, SambaCry runs the open source miner utility CPU miner (miderd) and the cryptocurrency being mined here is monero. So far, around $5,400 worth of XMR has been mined already by the assailants from their ventures.

There is no ransom demand involved in this attack. Instead, the criminals simply installed the necessary tools on the server and let it generate XMR along the way. The attacker uses the remote shell to install the modified “CPUminer,” a cryptocurrency mining software that mines “Monero” digital currency, which some researchers have started calling EternalMiner.

Cryptocurrency miner #EternalMiner using #SambaCry #CVE_2017_7494 to infect Linux servers. brand new sample @malwrhunterteam. — Omri Ben Bassat (@omri9741) June 8, 2017

The actions of malware came into the limelight after a Samba patch was released, which concerned with all versions released since 2010. Using the same flaw that can be exploited using SMB protocol, a hacker can open a pipe on Samba servers and execute malicious code remotely.

Hence, it is advised to all the system admins to update their Samba software and make their systems immune to such attacks.

1 view0 comments
bottom of page