
SambaCry: This Linux Malware Is Turning Machines Into CryptoCurrency Miners

A few weeks ago, we learned of a vulnerability that affected all versions of Samba. Although a patch was released to fix this SMB protocol issue, researchers have recorded attacks that use the flaw to target Linux machines and mine Monero cryptocurrency. The SambaCry malware spreads by scanning for Raspberry Pi devices with an open SSH port and an unchanged ‘pi’ user password.
Over the last few weeks, the WannaCry ransomware has haunted users of outdated Windows versions. This also inspired Linux users to share memes roasting Windows users. They assumed that the words Linux and malware don’t go hand in hand.
But a new malware named Linux.MulDrop.14 has managed to target Raspberry Pi users who haven’t changed the default passwords of their devices. The malware is exploiting an earlier reported Samba vulnerability.
Linux.MulDrop.14 is a Linux Trojan that targets older versions of Raspbian OS. It’s a bash script that contains a cryptocurrency mining program, which is compressed using gzip and encoded with Base64.
After infecting the Raspberry Pi-powered devices, the cryptocurrency program is launched. Further, the bash script installs the libraries needed for mining cryptocurrency. As this malware was uncovered close to the WannaCry outbreak, it’s being called EternalRed or SambaCry.
“In an infinite loop, using zmap, the Trojan searches for network nodes with an open port 22, after that it uses sshpass to log into them with the following login:password pair: pi:raspberry, and then—to save and run its copy,” the malware’s description on Dr. Web’s website says.
According to the Securelist researchers, SambaCry runs the open source miner utility cpuminer (minerd). The cryptocurrency being mined here is Monero.
The malware’s actions came into the limelight after a Samba patch was released that concerned all versions released since 2010. Using the same flaw, which can be exploited over the SMB protocol, a hacker can open a pipe on Samba servers and execute malicious code remotely.
At the moment, the actual scale of this malware infection is unknown. But this news should prompt sysadmins to update their Samba software and make their systems immune to such attacks.
You can find more information about the SambaCry attack on the Securelist blog.
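
For admins who want to check a Raspberry Pi against the behaviour described above, here is a triage sketch. It is added here as an example and is not code from Dr. Web, Securelist or the original article. It flags password-authenticated SSH logins for the ‘pi’ account and running processes named after the tools the article mentions. The log lines, process listing and function names are constructed for illustration, and a hit is a lead to review, not proof of infection.

```python
import re
from collections import defaultdict

# Tool names the article attributes to the Trojan: zmap, sshpass, and the minerd miner.
SUSPECT_TOOLS = {"zmap", "sshpass", "minerd"}

# OpenSSH sshd authentication result lines, as written to auth.log.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def password_logins(log_lines, user="pi"):
    """Count accepted/failed *password* logins for `user`, keyed by source IP."""
    stats = defaultdict(lambda: {"accepted": 0, "failed": 0})
    for line in log_lines:
        m = SSHD_AUTH.search(line)
        if m and m["user"] == user and m["method"] == "password":
            stats[m["ip"]][m["result"].lower()] += 1
    return dict(stats)

def suspect_processes(ps_lines):
    """Return suspect tool names seen as the executable in `ps -eo pid,args` output."""
    found = set()
    for line in ps_lines:
        fields = line.split()
        if len(fields) >= 2 and fields[1].rsplit("/", 1)[-1] in SUSPECT_TOOLS:
            found.add(fields[1].rsplit("/", 1)[-1])
    return sorted(found)

# Constructed sample data (documentation-range IPs), not taken from a real host.
SAMPLE_AUTH_LOG = [
    "Jun  9 03:12:40 raspberrypi sshd[1429]: Failed password for invalid user admin from 198.51.100.4 port 40022 ssh2",
    "Jun  9 03:12:44 raspberrypi sshd[1432]: Accepted password for pi from 203.0.113.7 port 51514 ssh2",
    "Jun  9 08:30:02 raspberrypi sshd[1710]: Accepted publickey for pi from 192.0.2.10 port 50211 ssh2: RSA SHA256:constructed",
    "Jun  9 09:01:15 raspberrypi sshd[1802]: Failed password for pi from 198.51.100.4 port 40100 ssh2",
]
SAMPLE_PS = [
    "  PID COMMAND",
    "  812 /usr/sbin/sshd -D",
    " 2291 /tmp/constructed/minerd",
    " 2304 /usr/bin/zmap",
    " 2310 /usr/bin/sshpass",
]

if __name__ == "__main__":
    for ip, c in password_logins(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: accepted={c['accepted']} failed={c['failed']}")
    print("suspect processes:", suspect_processes(SAMPLE_PS))
```

On a real device the inputs would be the lines of the SSH authentication log and the output of `ps -eo pid,args`. An accepted password login for ‘pi’ from an unfamiliar address is the signal to change the password and inspect the host.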
