I don’t know why op did not want to share the original report, but it is linked in the article: securelist.com/…/110903/
Comment on Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs
Buffalox@lemmy.world 11 months ago
According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim’s network, including to Linux machines.
Yeah I call bullshit on that.
tja@sh.itjust.works 11 months ago
Socsa@sh.itjust.works 11 months ago
I too am struggling to find the actual Linux vuln. It sounds like it steals ssh keys, so maybe just poorly configured hosts?
Buffalox@lemmy.world 11 months ago
You should always have a file in your home folder named SSH keys and Root password. /s
That’s not just poor configuration, that’s complete disregard for security.
Salamendacious@lemmy.world 11 months ago
This is a different article but you should find at least some more information on how the malware works with Linux here:
bleepingcomputer.com/…/stripedfly-malware-framewo…
I’m not a Linux user so I honestly don’t know if that article is incredibly helpful or not.
girsaysdoom@sh.itjust.works 11 months ago
From what it’s describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with samba access allowed. It sounds like this would target mainly enterprise Linux deployments.
Eyron@lemmy.world 11 months ago
They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started like from exploited/infected Windows computers with SSH access, and then continued from there.
With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.
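An audit for the two conditions the comment above names (private keys stored without a passphrase, and `known_hosts` files that list servers in the clear), added here as an example and not part of the original thread or of either linked report. The function names and the sample inputs are assumptions constructed for the illustration; the sample key holds header fields only.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # magic at the start of new-format OpenSSH private keys

def private_key_is_encrypted(text):
    """True/False for a private key file's text, None if it is not a private key."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----(.*?)-----END", text, re.S)
    if not m:
        return None
    label, body = m.group(1).strip(), m.group(2)
    if label == "OPENSSH":
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(MAGIC):
            return None
        # First length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        start = len(MAGIC) + 4
        return blob[start:start + n] != b"none"
    if label == "ENCRYPTED":  # PKCS#8 "ENCRYPTED PRIVATE KEY"
        return True
    # Legacy PEM (RSA/EC/DSA) marks encryption in a header; plain PKCS#8 has none.
    return "Proc-Type: 4,ENCRYPTED" in body

def plaintext_known_hosts(text):
    """Host fields stored unhashed (readable by anything that can read the file)."""
    hosts = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("|1|"):  # |1| = HashKnownHosts entry
            hosts.append(fields[0])
    return hosts

def constructed_openssh_pem(cipher, kdf):
    """Constructed sample: header fields only, not a usable key."""
    blob = MAGIC + b"".join(struct.pack(">I", len(f)) + f for f in (cipher, kdf, b""))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(private_key_is_encrypted(constructed_openssh_pem(b"none", b"none")))
    print(plaintext_known_hosts("|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAA\nhost.example ssh-ed25519 AAAA\n"))
```

Keys that report `False` can be given a passphrase with `ssh-keygen -p -f <keyfile>`, and an existing `known_hosts` can be hashed with `ssh-keygen -H` after setting `HashKnownHosts yes`.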
Salamendacious@lemmy.world 11 months ago
I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.
aniki@lemm.ee 11 months ago
Salamendacious@lemmy.world 11 months ago
My job still had Windows 95 machines running just a couple years ago. Could there still be Samba1 running out there or does Linux update differently?
Salamendacious@lemmy.world 11 months ago
Interesting, thanks for that
Buffalox@lemmy.world 11 months ago
From what you wrote originally, it’s absolutely useless, and not worth reading.
Salamendacious@lemmy.world 11 months ago
That’s fair