Found hidden miners on Linux

Analysts specializing in Japanese cybersecurity company Trend Micro have discovered the KORKERDS cryptocurrency miner, which is characterized by somewhat atypical behavior. This was reported on the company's website.

Researchers have not determined exactly how the threat spread. However, most likely, the download occurred after installing some software or through a plug-in that was compromised.

The researcher commissioned the identifier of Coinminer.Linux.KORKERDS.AB to miners (XMR), miners of cryptocurrency mining. It should be noted that other components are also used – rootkits (Rootkit.Linux.KORKERDS.AA), which "hide" the mining process from monitoring tools.

After starting the miner's work hidden in the system, the CPU load increases to 100%. However, users are not easy to find out the reason. The situation is complicated by rootkits that use hooks for readdir and readdir64 APIs, and libc libraries. Normal library files are overwritten, with readdir replaced with a fake version.

A malicious version of readdir is used to hide the mining process (kworkerds). After that, it becomes much more difficult to identify miners, despite the fact that the processor load shows suspicious activity.

According to the researchers, new miners can pose a threat not only to servers, but also to ordinary Linux users.

Remember in Canada launched a mining farm with an area of ​​more than 2500 m.. The mining center project is supported by the local government.

We also wrote it Armenia opens the largest data center in the world with three thousand mining machines. Investors have invested $ 50 million in mining projects.

Meanwhile legalization of Bitcoin and other cryptocurrency will come in Ukraine. The concept of "mining" and "signs" will be determined at the legislative level.

Previous NBU refuses to recognize the Bitcoin currency. Cryptocurrency, according to National Bank, is also not a payment instrument. "World regulators are not worried about cryptocurrency threats because of their small volume. They only care about the fact that people can lose money and fraud"– Said then deputy head of the NBU Oleg Chury.