An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network.
“This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain,” Akamai researcher Allen West said in a Thursday report.
Unlike cryptojacking, in which a compromised system’s resources are used to illicitly mine cryptocurrency, proxyjacking offers the ability for threat actors to leverage the victim’s unused bandwidth to clandestinely run different services as a P2P node.
This offers two-fold benefits: It not only enables the attacker to monetize the extra bandwidth with a significantly reduced resource load that would be necessary to carry out cryptojacking, it also reduces the chances of discovery.
images from Hacker News