Security risk: NoaBot affects Linux systems
Emergency in Linux-based systems: NoaBot exploits SSH vulnerabilities for covert cryptocurrency mining
NoaBot is a new malware that targets Linux devices for use in cryptocurrency mining. It hides better than other viruses and spreads by cracking weak SSH passwords. Akamai has studied and tracked NoaBot, providing advice on how to recognize and stop it.
The cyber threat landscape has a new entry: NoaBot. This malware is based on the structure of Mirai, which is known for the havoc it caused in 2016 through DDoS attacks. Unlike its progenitor, NoaBot aims to install cryptominers on Linux devices, exploiting their resources for cryptocurrency mining. Discovered by Akamai, this malware attempts to crack weak SSH passwords, showing an evolution in cybercriminals' strategy.
Innovative masking methods for NoaBot
A peculiarity of NoaBot is the way it hides its mining activity. Cryptominers normally send the mined cryptocurrency directly to the wallets, a process that researchers can easily trace. NoaBot, on the other hand, encrypts its configuration settings and reveals them only in memory at execution time, replacing the typical configuration variable with its own. This makes it much harder to identify and monitor attacker wallets.
Akamai's research and the diffusion of NoaBot
Over the past year, Akamai has used honeypots to track NoaBot activity, identifying attacks from 849 different IPs. These IPs are distributed across the world, with a significant number coming from China. It is unclear whether NoaBot's reach is limited to monitored devices or whether it is broader, making the botnet potentially larger in size.
Recognize and counter NoaBot
To detect and protect against NoaBot, Akamai has provided a set of indicators of compromise. Because the malware is compiled with the uClibc library rather than with GCC like Mirai, antivirus systems classify it differently and it often evades them. It also hides its execution in random folders within the /lib directory. On its blog, Akamai provides a detailed technical analysis and resources such as the Infection Monkey tool to assist in testing for and finding infections.
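The /lib hiding behaviour described above can be checked on a running host. The following is an added example, not code from the article or from Akamai: it lists processes whose executable sits in a first-level /lib folder that is not on an allowlist. The allowlist contents, the function names and the sample paths are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: first-level /lib folders expected on this host. Derive the real
# list from a known-good image or the package database; these are samples.
KNOWN_LIB_DIRS = {"systemd", "udev", "firmware", "modules", "x86_64-linux-gnu"}

# /proc/<pid>/exe is already resolved, so on merged-/usr systems a binary
# started from /lib/<dir>/ shows up as /usr/lib/<dir>/; match both spellings.
LIB_PATH = re.compile(r"^/(?:usr/)?lib(?:32|64)?/([^/]+)/")

def classify_exe(exe_path, known_dirs=KNOWN_LIB_DIRS):
    """Return the unexpected /lib folder an executable runs from, else None."""
    match = LIB_PATH.match(exe_path)
    if match and match.group(1) not in known_dirs:
        return match.group(1)
    return None

def scan_processes(proc_root="/proc", known_dirs=KNOWN_LIB_DIRS):
    """List (pid, exe, folder) for processes running from unknown /lib folders."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        folder = classify_exe(exe, known_dirs)
        if folder is not None:
            findings.append((int(entry), exe, folder))
    return sorted(findings)

def constructed_demo():
    """Scan a constructed /proc-like tree (made-up paths, not real IoCs)."""
    root = tempfile.mkdtemp()
    samples = {"1": "/lib/systemd/systemd", "812": "/usr/sbin/sshd",
               "4471": "/lib/qzkfwpa/sysd"}
    for pid, exe in samples.items():
        os.mkdir(os.path.join(root, pid))
        os.symlink(exe, os.path.join(root, pid, "exe"))
    os.mkdir(os.path.join(root, "2"))  # kernel-thread stand-in: no exe link
    return scan_processes(root)

if __name__ == "__main__":
    for pid, exe, folder in scan_processes():
        print(f"pid={pid} exe={exe} unexpected /lib folder: {folder}")
```

Run it as root so every process's exe link is readable. A hit is a lead to investigate against the host's package database, not proof of infection.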