Perfctl is malware that targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software. It has been terrorizing Linux servers worldwide for years, infecting thousands of victims and hijacking their IP addresses, either for the attackers' own use or for sale to other cybercriminals. Although the primary goal is to run cryptominers, experts warn that it also executes proxyjacking software, which can disrupt operations, steal personal information, or hold data hostage for ransom.
Perfctl hides its noisy activities, such as cryptomining and proxyjacking, making it difficult to detect. It stops any containers already running on the node and installs a Docker container of its own to handle the proxyjacking. Once everything is in place, the attacker can leave the network without a trace. Beyond earning money through cryptomining and proxyjacking, the malware also lets attackers steal secrets and potentially sell access to servers belonging to large companies in the cyber underground.
Researchers have urged those running Linux servers to take immediate steps to protect their environments from perfctl and other fileless malware. Mitigation strategies include monitoring for suspicious downloads, emails, or websites that could serve as entry points for the malware. The threat posed by perfctl underscores the importance of maintaining up-to-date security measures and configurations, particularly for Linux servers, which have been specifically targeted by this ongoing campaign.
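One monitoring check that follows from the behaviour described above (running containers stopped, then a new Docker container started for proxyjacking) is to watch the Docker event stream for a burst of container kills followed by a create from an image not on an allowlist. The code below is an added example, not from the original article or from any vendor's tooling; it assumes the field layout of `docker events --format '{{json .}}'` (Type, Action, Actor, time), and the event lines, image names and thresholds are constructed placeholders.

```python
import json

# Constructed sample of `docker events --format '{{json .}}'` output. Field names
# follow Docker's event JSON; the IDs, images and timestamps are made up for this example.
SAMPLE_EVENTS = """\
{"Type":"container","Action":"kill","Actor":{"ID":"aaa111","Attributes":{"image":"nginx:1.25","name":"web"}},"time":1700000000}
{"Type":"container","Action":"die","Actor":{"ID":"aaa111","Attributes":{"image":"nginx:1.25","name":"web"}},"time":1700000000}
{"Type":"container","Action":"kill","Actor":{"ID":"bbb222","Attributes":{"image":"redis:7","name":"cache"}},"time":1700000001}
{"Type":"network","Action":"disconnect","Actor":{"ID":"net0","Attributes":{"container":"bbb222"}},"time":1700000001}
{"Type":"container","Action":"create","Actor":{"ID":"ccc333","Attributes":{"image":"example.invalid/proxy:latest","name":"sharp_hopper"}},"time":1700000007}
{"Type":"container","Action":"start","Actor":{"ID":"ccc333","Attributes":{"image":"example.invalid/proxy:latest","name":"sharp_hopper"}},"time":1700000007}
"""

def parse_events(text):
    """Parse newline-delimited Docker event JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect_container_swap(events, window_s=60, min_stopped=2, allowed_images=frozenset()):
    """Return one alert per container 'create' whose image is not allowlisted and which
    follows at least min_stopped distinct containers being killed/stopped within window_s.
    Only container events are considered; network/image/volume events are ignored."""
    stopped = {}   # container id -> timestamp of its last kill/stop/die event
    alerts = []
    for ev in events:
        if ev.get("Type") != "container":
            continue
        action = ev.get("Action", "")
        actor = ev.get("Actor", {})
        cid, attrs, t = actor.get("ID", ""), actor.get("Attributes", {}), ev.get("time", 0)
        if action in ("kill", "stop", "die"):
            stopped[cid] = t
        elif action == "create":
            # Containers that went down shortly before this create (dedup'd by id).
            recent = sorted(c for c, ts in stopped.items() if 0 <= t - ts <= window_s)
            image = attrs.get("image", "")
            if len(recent) >= min_stopped and image not in allowed_images:
                alerts.append({"time": t, "container": cid, "name": attrs.get("name", ""),
                               "image": image, "stopped_before": recent})
    return alerts

if __name__ == "__main__":
    for alert in detect_container_swap(parse_events(SAMPLE_EVENTS)):
        print("ALERT: mass container stop followed by new container:", alert)
```

In production the same function would be fed from a live `docker events` pipe and the allowlist populated from the images your deployment pipeline actually ships.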
Description last updated: 2024-10-17T12:21:28.100Z