The Outlaw group is conducting an active campaign targeting Linux systems in cryptocurrency mining attacks.
On Tuesday, the JASK Special Ops research team disclosed additional details of the attack wave, which appears to focus on seizing infrastructure resources to support illicit Monero mining activities.
The campaign uses a refined version of Shellbot, a Trojan which carves a tunnel between an infected system and a command-and-control (C2) server operated by threat actors.
The backdoor is able to collect system and personal data, terminate or run tasks and processes, download additional payloads, open remote command line shells, send stolen information to a C2, and also receive additional malware payloads from controllers.
The bot first emerged in November 2018. According to Trend Micro, the malware is the work of the Outlaw group, a name that is a rough translation of "haiduc," a Romanian phrase which is also the name given to the main hacking tool the group uses.
Shellbot is an IRC bot distributed through common command injection vulnerabilities, in attacks which target not only vulnerable Linux servers but also a variety of Internet of Things (IoT) devices.
The cybersecurity researchers note that Shellbot has the capacity to affect Windows environments and Android devices, too, but such infections are uncommon.
In attacks recorded in November by Trend Micro, Outlaw was able to compromise a File Transfer Protocol (FTP) server of a Japanese art organization, alongside a Bangladeshi government website. Another attack recorded b...