Xmrig Coinminer

Malware updated 7 months ago (2024-05-04T23:17:39.202Z)
XMRig CoinMiner is a type of malware that has been identified as part of a wave of attacks on poorly managed Linux SSH servers. These attacks, often conducted by threat actors installing multiple malware families, have been observed to include other harmful software such as ShellBot, Tsunami, and ChinaZ DDoS Bot alongside XMRig CoinMiner. The malware, which can be surreptitiously installed via suspicious downloads, emails, or websites, has the potential to exploit and damage computer systems, steal personal information, disrupt operations, or even hold data hostage for ransom.

In specific instances, it was found that XMRig CoinMiner was distributed not only to public Docker containers in conjunction with Tsunami but also to cloud environments. This distribution method demonstrates the adaptability of the threat actors behind these attacks, and their ability to leverage various platforms to propagate the malware. In addition, these actors were seen installing additional malware types like ShellBot and Log Cleaner, further complicating the threat landscape.

To combat these threats, administrators are advised to implement robust security measures, including using complex, frequently changed passwords to guard against brute force and dictionary attacks. Regular updates to the latest patches can help prevent vulnerability attacks, while server-accessible firewalls can restrict attacker access. Furthermore, updating V3 to its most recent version is recommended to proactively block malware infections. By following these guidelines, individuals and organizations can significantly reduce their risk of falling victim to malware attacks such as those involving XMRig CoinMiner.
Description last updated: 2024-05-04T23:13:58.707Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Malware
DDoS
SSH
Associated Malware
Description: The Shellbot Malware is associated with Xmrig Coinminer. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Xmrig Coinminer Malware was read from the documents corpus below.