AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Middle East Low Code No Code Summit TimeAI Summit

Security risk: NoaBot affects Linux systems

Emergency in Linux-based systems: NoaBot exploits SSH vulnerabilities for covert cryptocurrency mining

NoaBot is a new malware that targets Linux devices for use in cryptocurrency mining. It hides better than other viruses and spreads by cracking weak SSH passwords. Akamai has studied and tracked NoaBot, providing advice on how to recognize and stop it.

Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.

This pill is also available in Italian language

The panorama of cyber threats is enriched by a new threat: NoaBot. This malware is based on the structure of Mirai, which is known for creating havoc in 2016 through DDoS attacks. Unlike its progenitor, NoaBot aims to install cryptominers on Linux devices, exploiting their resources for cryptocurrency mining. Discovered by Akamai, this dangerous software attempts to crack vulnerable SSH passwords, showing an evolution in cybercriminals' strategy.

Innovative masking methods for NoaBot

A peculiarity of NoaBot is its method of hiding mining activity. Cryptominers normally send the extracted cryptocurrencies directly to the wallets, a process that is easily traceable by researchers. NoaBot, on the other hand, encrypts the configuration settings and reveals them only at the time of execution in memory, changing the typical configuration variable with its own. This makes it much more complex to identify and monitor attacker wallets.

Akamai's research and the diffusion of NoaBot

Over the past year, Akamai has used honeypots to track NoaBot activity, identifying attacks from 849 different IPs. These IPs are distributed across the world, with a significant number coming from China. It is unclear whether NoaBot's reach is limited to monitored devices or whether it is broader, making the botnet potentially larger in size.

Recognize and counter NoaBot

To detect and protect against NoaBot, Akamai has provided a set of indicators of compromise. This malware, being compiled with the UClibc library rather than GCC like Mirai, often evades antivirus systems, being classified differently. It also hides its execution in random folders within the /lib directory. Akamai on its blog provides detailed technical analysis and resources such as the Infection Monkey tool to assist in testing and finding infections.

Follow us on WhatsApp for more pills like this

01/14/2024 20:31

Editorial AI

Last pills

LockBit's response to FBI actionsLockBit's technological revenge: post-attack updates and awareness

LockBit's tenacious activity despite global investigationsChallenges and countermeasures in the war against the LockBit cyber criminal group

Avast fined for illegitimate sale of web dataFines and restrictions imposed on cybersecurity company for misuse of personal data

KeyTrap: DNSSEC flaw discovered by researchersThe vulnerability puts the stability of DNSSEC at risk