Yet Another Botnet is Targeting Linux

For two years a botnet has been targeting Linux, and you won't be surprised in the slightest by what it's doing.

The recent drastic rise in cryptocurrency trading prices has led to numerous online systems falling prey to botnets that seek to mine for profit. This botnet, dubbed WatchDog, was discovered by Unit 42, which realized this particular threat has been active since January 2019.

WatchDog was written in Go and uses outdated enterprise applications as a point of entry. So far, Unit 42 has found 33 exploits, targeting 32 vulnerabilities in open source software, such as Drupal, Elasticsearch, Apache Hadoop, Redis, and the ThinkPHP framework.

Unit 42 estimates that around 500 to 1,000 infected systems are currently being used by WatchDog to mine for cryptocurrency, and the total profit was estimated at 209 Monero coins (worth roughly $32,000). However, the researchers have only been able to analyze a few binaries, so the actual figure will most likely be considerably higher.

The one silver lining is that Unit 42 has yet to discover that any credentials have been stolen. That, of course, could change at any moment. To that end, all admins are encouraged to keep all Linux systems (and the apps that run on said systems) updated.

For more information on WatchDog, read the full Unit 42 report.

02/22/2021