Comment

Comment on Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs

Salamendacious@lemmy.world ⁨8⁩ ⁨months⁩ ago

This is a different article but you should find at least some more information on how the malware works with Linux here:

bleepingcomputer.com/…/stripedfly-malware-framewo…

I’m not a Linux user so I honestly don’t know if that article is incredibly helpful or not.

source

Sort:hotnew top

girsaysdoom@sh.itjust.works ⁨8⁩ ⁨months⁩ ago
From what it’s describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with samba access allowed. It sounds like this would target mainly enterprise Linux deployments.

source
- Eyron@lemmy.world ⁨8⁩ ⁨months⁩ ago
  They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started like from exploited/infected Windows computers with SSH access, and then continued from there.
  
  With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.
  
  source
  - Salamendacious@lemmy.world ⁨8⁩ ⁨months⁩ ago
    I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.
    
    source
- aniki@lemm.ee ⁨8⁩ ⁨months⁩ ago
  [deleted]
  source
  - Salamendacious@lemmy.world ⁨8⁩ ⁨months⁩ ago
    My job still had Windows 95 machines running just a couple years ago. Could there still be Samba1 running out there or does Linux update differently?
    
    source
    lemmyvore@feddit.nl ⁨8⁩ ⁨months⁩ ago
    Of course there is. Unfortunately the average Linux self-hoster doesn’t have much of a clue and probably runs vulnerable Samba (even if it’s not S1). Of course it doesn’t help that Samba seems to get a vulnerability about once a week. It’s one of the most targeted pieces of network software you could run.
    
    source
    -> View More Comments
    aniki@lemm.ee ⁨8⁩ ⁨months⁩ ago
    [deleted]
    source
    -> View More Comments
    Toes@ani.social ⁨8⁩ ⁨months⁩ ago
    Yeah windows 2000 assembly robots, too expensive to replace and too critical to not keep alive.
    
    source
    -> View More Comments
    micka190@lemmy.world ⁨8⁩ ⁨months⁩ ago
    The bank I work at still has core systems running Lotus 🙃
    
    source
    -> View More Comments
- Salamendacious@lemmy.world ⁨8⁩ ⁨months⁩ ago
  Interesting, thanks for that
  
  source
Buffalox@lemmy.world ⁨8⁩ ⁨months⁩ ago
From what you wrote originally, it’s absolutely useless, and not worth reading.

source
- Salamendacious@lemmy.world ⁨8⁩ ⁨months⁩ ago
  That’s fair
  
  source