- Tencent Security Threat Intelligence Center has identified a variant of the WatchBogMiner Trojan on Linux systems.
- The Trojan is said to have exploited remote code execution vulnerabilities.
- In the process, 28 Monero has been mined.
Network attacks are becoming increasingly common. In some cases, attackers take control of cryptocurrency mining by exploiting bugs and vulnerabilities in the network, and as a result many innocent traders have lost their cryptocurrency. Recently, Tencent Security Threat Intelligence Center identified a variant of the WatchBogMiner Trojan on Linux systems.
Tencent Security is an agency that specifically monitors and analyses security threats and potential vulnerabilities. The Trojan is said to have exploited remote code execution vulnerabilities. The vulnerabilities are mostly expected in server components such as Nexus Repository Manager, Supervisord and ThinkPHP.
Monero Worth $1900 Have Been Mined In The Hacked Devices
The experts have estimated that roughly tens of thousands of Linux networks have been hacked and brought under the attacker's control. In the process, 28 Monero has been mined. Currently, Monero trades at $70.1, which means 28 Monero (XMR) amounts to a total of $1,962.8. The Trojan combines a variety of attack code on the compromised host and then transfers the Monero mining Trojan to the computer.
Investigation has found that this Trojan uses third-party code snippet hosting services such as Pastebin to store its malicious code. The attacker continually retrieves the Monero mining Trojan, stealthily loads it into memory, and then deletes the Trojan file to erase its traces. Furthermore, it removes any other Trojans present on the system to ensure its dominance over the system while mining.
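A defender's check for the behaviour described above, a miner that keeps running after its file has been deleted, as an added example that is not part of the original article. On Linux, the `/proc/<pid>/exe` link of such a process ends in ` (deleted)`; the function name and the `proc_root` parameter are assumptions made for illustration.

```python
import os

# The kernel appends this suffix to /proc/<pid>/exe when the binary has been
# unlinked. Executables started from memfd also show up this way.
DELETED_SUFFIX = " (deleted)"


def find_deleted_exe_processes(proc_root="/proc"):
    """Return sorted (pid, exe_path, cmdline) tuples for running processes
    whose executable file no longer exists on disk."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        pid_dir = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            # Kernel threads have no exe link, other users' processes need
            # root to inspect, and a process may exit while we iterate.
            continue
        if not target.endswith(DELETED_SUFFIX):
            continue
        try:
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            raw = b""
        # cmdline arguments are NUL-separated; make them readable.
        cmdline = raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()
        hits.append((int(entry), target[: -len(DELETED_SUFFIX)], cmdline))
    return sorted(hits)


if __name__ == "__main__":
    # Run as root to see every process on the host.
    for pid, exe, cmdline in find_deleted_exe_processes():
        print(f"pid={pid} exe={exe} cmdline={cmdline!r}")
```

A hit is a lead, not a verdict: long-running services whose package was upgraded underneath them also appear, so review the path and command line of each result.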
Investigations Suggest The Trojan Variant May Have Exploited Over 10000 Servers
WatchBogMiner uses recognised SSH RSA keys to establish SSH connections. SSH, or Secure Shell, is a widely used network protocol for establishing secure network services over unsecured networks, and attackers make use of it as well. The wallet's computing power is 120 Kh/s. Furthermore, according to the data, the latest variant of the Trojan is estimated to have compromised over 10,000 servers in order to control mining.
To safeguard systems from such malicious attacks, Tencent Security has recommended some of its services. For cloud-native protection, the three services are Tencent T-Sec host security, Tencent T-Sec host security, and Tencent T-Sec vulnerability scanning service. For non-cloud enterprise protection, they are Tencent T-Sec Advanced Threat Detection System and Tencent T-Sec Terminal Security Management System.