For attackers who want quick money, mining cryptocurrency on other people's machines is a favored route. The Shellbot cryptojacking malware has been updated and now includes some new features, according to a report shared by TechCrunch on May 1.
According to the report, the latest research was done by the Boston-based security firm Threat Stack. The firm asserts that Shellbot, which was initially found in 2005, has received a new update.
The initial Shellbot was able to brute-force the credentials of SSH remote access services on Linux servers protected by weak passwords. Once in, the malware mines the privacy-focused cryptocurrency Monero (XMR). Threat Stack says the new, updated version can also spread through an infected network and shut down other miners running on the same machines, which frees up more processing power for its own cryptomining operation.
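The entry vector described above (SSH password guessing against weak accounts) leaves a recognizable trace in sshd logs: a run of failed attempts from one address followed by an accepted password login. The following is an added detection sketch, not code from Threat Stack or the original report; the log lines are constructed samples in OpenSSH syslog format, and the threshold of five failures is an assumption. It ignores time windows for brevity.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the report).
SAMPLE_LOG = """\
May  1 03:12:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  1 03:12:03 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
May  1 03:12:05 web01 sshd[2105]: Failed password for root from 203.0.113.7 port 40121 ssh2
May  1 03:12:08 web01 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
May  1 03:12:10 web01 sshd[2109]: Failed password for deploy from 203.0.113.7 port 40133 ssh2
May  1 03:12:12 web01 sshd[2111]: Accepted password for deploy from 203.0.113.7 port 40140 ssh2
May  1 03:15:44 web01 sshd[2150]: Failed password for alice from 198.51.100.20 port 51514 ssh2
May  1 03:15:50 web01 sshd[2152]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
May  1 03:20:00 web01 sshd[2190]: Accepted publickey for bob from 192.0.2.15 port 60000 ssh2
"""

# Matches both "Failed password for root ..." and "... for invalid user admin ...".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def find_bruteforce_logins(log_text, threshold=5):
    """Return (ip, user, prior_failures) for each password login that came
    after at least `threshold` failed attempts from the same source address."""
    failures = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif m["method"] == "password":
            # Key-based logins are skipped: guessing only applies to passwords.
            if failures[ip] >= threshold:
                alerts.append((ip, m["user"], failures[ip]))
            failures[ip] = 0  # start counting again after a successful login
    return alerts


if __name__ == "__main__":
    for ip, user, count in find_bruteforce_logins(SAMPLE_LOG):
        print(f"ALERT: password login for {user} from {ip} after {count} failures")
```

An alert from this check is a reason to inspect the host for unexpected miner processes and outbound IRC connections, the two behaviors the report attributes to Shellbot.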
The research stated, "The main goal of this campaign appears to be monetary gain via cryptomining and propagating itself to other systems on the internet."
Threat Stack disclosed the new iteration of Shellbot, found on a Linux server of an unspecified United States firm. Although it is still not known how the malware is delivered, the researchers discovered three components as well as the script used to install it.
The malware's command-and-control server is an Internet Relay Chat (IRC) server, which the attackers used to verify the status of the malware and check the status of an infected server. Using a 272-line script, the malware checks whether any cryptominers are already on the system and installs its own. Shellbot was making about $300 a day, a figure that will grow consistently as the malware spreads.
Sam Bisbee, Chief Security Officer at Threat Stack, said,
"The threat actors behind this campaign have shown the ability and willingness to update this malware with new functionality after it has gained a foothold on an infected system."
He further added,
"They are fully capable of using this malware to exfiltrate, ransom or destroy data."
Shellbot is the most recent malware to put a premium on mining cryptocurrency instead of just exfiltrating files.