Xmrig Coinminer

Malware updated 4 months ago (2024-05-04T23:17:39.202Z)
XMRig CoinMiner is a type of malware that has been identified as part of a wave of attacks on poorly managed Linux SSH servers. In these attacks the threat actors typically install several malware families at once, and XMRig CoinMiner has been observed alongside other harmful software such as ShellBot, Tsunami, and ChinaZ DDoS Bot. The malware, which can be surreptitiously installed via suspicious downloads, emails, or websites, has the potential to exploit and damage computer systems, steal personal information, disrupt operations, or even hold data hostage for ransom.

In specific instances, XMRig CoinMiner was distributed not only to public Docker containers together with Tsunami, but also to cloud environments. This distribution pattern demonstrates the adaptability of the threat actors behind these attacks and their ability to leverage various platforms to propagate the malware. The same actors were also seen installing additional malware such as ShellBot and Log Cleaner, further complicating the threat landscape.

To combat these threats, administrators are advised to implement robust security measures, including complex, frequently changed passwords to guard against brute-force and dictionary attacks. Regularly applying the latest patches helps prevent vulnerability-based attacks, while firewalls on servers reachable from the outside can restrict attacker access. Furthermore, updating the V3 anti-malware product to its most recent version is recommended to proactively block malware infections. By following these guidelines, individuals and organizations can significantly reduce their risk of falling victim to malware attacks such as those involving XMRig CoinMiner.
Description last updated: 2024-05-04T23:13:58.707Z
Aliases: none currently tracked

Miscellaneous Associations (other elements of context that could aid in identifying relevance): Linux, Malware, DDoS, SSH
Associated Malware
Tsunami (type: unspecified; votes: 2)
The "Tsunami" malware, a malicious software designed to exploit and damage computer systems, has caused significant cybersecurity disruptions globally. This malware, whose variants include xmrigDeamon, Bioset, dns3, xmrigMiner, docker-update, dns, 64[watchdogd], 64bioset, 64tshd, armbioset, armdns,

ShellBot (type: unspecified; votes: 2)
ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
Source Document References
Information about the Xmrig Coinminer malware was read from the document corpus below. This display is limited to 20 results.

Source            Created        Title
CERT-EU           a year ago     Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors
CERT-EU           a year ago     Hackers Attack Linux SSH Servers with Tsunami DDoS Malware
Securityaffairs   a year ago     PlugX malware delivered by exploiting flaws in Chinese programs
Securityaffairs   a year ago     New Tsunami botnet targets Linux SSH servers
CERT-EU           a year ago     DDoS Malware Distributed Through Compromised Linux SSH Servers
BankInfoSecurity  8 months ago   New Attack Campaign Targets Poorly Managed Linux SSH Servers