Linux Malware Campaign Targets Misconfigured Cloud Servers


Cado Security warns of a cryptojacking campaign including Linux malware that targets misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with fresh and unique harmful payloads.

During the campaign, the attackers use four new Golang payloads to automate the finding and exploitation of susceptible systems, as well as a reverse shell and several user-mode rootkits to conceal their existence.

In Docker-targeted attacks, threat actors used a command to launch a new container and set up a bind mount for the server’s root directory, allowing them to write an executable that connected to the attackers’ command-and-control (C&C) server and retrieved a first-stage payload.

Read more: Linux Malware Campaign Targets Misconfigured Cloud Servers

Check Out The New ITsecuritywire Podcast. For more such updates follow us on Google News ITsecuritywire News.