Linux.Lady malware turns Linux servers into bitcoin miners

posted almost 6 years ago
A new trojan targeting Linux servers has been discovered in the wild, exploiting servers running the Redis NoSQL database to use them for bitcoin mining. Up to 30,000 Redis servers may be vulnerable, largely because careless systems administrators have put them online without setting a password.
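
The following Python check is an added example, not part of the original article or of Dr Web's analysis. It audits a redis.conf for the condition described above: an instance with no password that is not bound to loopback only. The sample configs are constructed and the function names are hypothetical. It reads only the `bind`, `requirepass` and `protected-mode` directives, assumes the last occurrence of a directive wins, and does not model ACL users or version-specific protected-mode behaviour.

```python
import ipaddress
import shlex

# Constructed sample configs (not taken from any real host).
WEAK_CONF = """
# reachable from any interface, no authentication
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "REPLACE-WITH-LONG-RANDOM-SECRET"
"""

def parse_conf(text):
    """Map each directive to its argument list (assumption: last one wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # handles quoted values such as ""
            conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    """True only for literal loopback IPs; '*', hostnames etc. count as exposed."""
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return findings for the no-password and exposure settings."""
    conf = parse_conf(text)
    findings = []
    bind = conf.get("bind", [])
    # No bind directive is treated as listening beyond loopback.
    exposed = not bind or not all(is_loopback(a) for a in bind)
    has_password = bool((conf.get("requirepass") or [""])[0])
    if not has_password:
        where = "non-loopback or unspecified bind" if exposed else "loopback only"
        findings.append(f"no requirepass set ({where})")
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode disabled")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(sample) or "ok")
```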

The Linux.Lady malware was discovered by Russian antivirus software vendor Dr Web. It is written in Google's Go programming language and is largely based on open source Go libraries hosted on GitHub.

The malware uses a more compact trojan called Linux.Downloader.196 to download the main payload after infection. Linux.Lady sends basic information about the cracked system to the command-and-control (C&C) server.

The next step in the infection process is a configuration file sent from the C&C server to start the cryptocurrency mining process for the benefit of the malware's controllers. Linux.Lady is also self-propagating.