
SambaCry: This Linux Malware Is Turning Machines Into CryptoCurrency Miners

A few weeks ago, we got to know about a vulnerability that affected all versions of Samba. While a patch was released to fix this SMB protocol issue, researchers have managed to record attacks using this flaw to target Linux machines and mine Monero cryptocurrency. The SambaCry malware spreads by scanning for Raspberry Pi devices with an open SSH port and an unchanged ‘pi’ user password.
Over the last few weeks, the WannaCry ransomware had managed to haunt users of outdated Windows OS. This also inspired Linux users to share memes roasting Windows users, assuming that the words Linux and malware don’t go hand in hand.
But a new malware named Linux.MulDrop.14 has managed to target Raspberry Pi users who haven’t changed the default passwords of their devices. This malware exploits the earlier reported Samba vulnerability.
Targeting older versions of the Raspbian OS, Linux.MulDrop.14 is a Linux Trojan. It’s a bash script that contains a cryptocurrency mining program, which is compressed using gzip and base64 encoding.
After infecting the Raspberry Pi-powered devices, the cryptocurrency program is launched. Further, the bash script installs the libraries needed for mining cryptocurrency. As this malware was uncovered close to the WannaCry outbreak, it’s being termed EternalRed or SambaCry.
“In an infinite loop, using zmap, the Trojan searches for network nodes with an open port 22, after that it uses sshpass to log into them with the following login:password pair: pi:raspberry, and then—to save and run its copy,” malware’s description on Dr. Web’s website says.
According to the Secure List researchers, SambaCry runs the open source miner utility cpuminer (minerd). The cryptocurrency being mined here is Monero.
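The Dr. Web description above gives a defender a concrete signal to look for: the Trojan logs in over SSH with a password (the default pi:raspberry pair via sshpass), so a Raspberry Pi that still allows password logins for the pi account will record an "Accepted password for pi" line in its sshd log. The following script is an added example written for this page, not code from the article, Dr. Web or Secure List; it parses a few constructed sshd log lines and reports which source addresses obtained password-based logins as pi, and which of them failed first and then succeeded.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines for illustration (not real captures).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Jun 12 10:01:02 rpi sshd[1201]: Accepted password for pi from 203.0.113.7 port 51234 ssh2
Jun 12 10:01:05 rpi sshd[1203]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2: ED25519 SHA256:abc
Jun 12 10:02:11 rpi sshd[1210]: Failed password for pi from 198.51.100.9 port 53000 ssh2
Jun 12 10:02:12 rpi sshd[1210]: Failed password for pi from 198.51.100.9 port 53000 ssh2
Jun 12 10:02:13 rpi sshd[1210]: Accepted password for pi from 198.51.100.9 port 53000 ssh2
Jun 12 10:03:40 rpi sshd[1220]: Accepted password for pi from 203.0.113.7 port 51300 ssh2
"""

# Matches the standard OpenSSH "Accepted/Failed <method> for <user> from <ip> port <n>" format.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Return a list of dicts (result, method, user, src, port) for every matching line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def find_password_logins(events, user="pi"):
    """Map source IP -> number of successful *password* logins for `user`.

    Key-based logins are deliberately ignored: the vector described in the
    article is a password login with the factory default credentials.
    """
    hits = defaultdict(int)
    for ev in events:
        if ev["result"] == "Accepted" and ev["method"] == "password" and ev["user"] == user:
            hits[ev["src"]] += 1
    return dict(hits)


def find_brute_force_then_success(events, user="pi"):
    """Sources that failed a password login for `user` and later succeeded (sorted)."""
    failed = set()
    suspicious = set()
    for ev in events:
        if ev["user"] != user or ev["method"] != "password":
            continue
        if ev["result"] == "Failed":
            failed.add(ev["src"])
        elif ev["src"] in failed:
            suspicious.add(ev["src"])
    return sorted(suspicious)


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print("password logins as pi:", find_password_logins(evs))
    print("failed-then-succeeded:", find_brute_force_then_success(evs))
```

Run it against the real file (typically /var/log/auth.log on Raspbian) by reading that file instead of SAMPLE_AUTH_LOG. Any hit at all is worth a look on a device that was meant to use key-based access only; the lasting fix is to change the pi password and set `PasswordAuthentication no` in sshd_config, after which the "Accepted password" line can no longer appear.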
The actions of the malware came into the limelight after a Samba patch was released, which concerned all versions released since 2010. Using the same flaw, which can be exploited over the SMB protocol, a hacker can open a pipe on Samba servers and execute malicious code remotely.
At the moment, the actual scale of this malware infection is unknown. But this news must warn sysadmins to update their Samba software and make their systems immune to such attacks.
You can find more information about the SambaCry attack on Secure List blog.
