Notorious cryptojacking malware Shellbot has been upgraded and has new tricks up its sleeve.
TechCrunch recently reported that cybersecurity company Threat Stack says Shellbot has been updated. The malware was initially discovered in 2005 and could obtain SSH credentials by brute force. It originally targeted SSH remote access on Linux servers that had weak passwords. Shellbot then mined the privacy-centered cryptocurrency Monero (XMR).
Boston-based Threat Stack says the improved Shellbot can easily spread through an infected network and shut down other miners on the machines. The security firm allegedly discovered the new version of the malware on a Linux server used by an unidentified American company.
There are still questions about how Shellbot is delivered, but researchers have already identified three essential components along with the script used in the installation.
Shellbot’s command and control server is reportedly an Internet Relay Chat (IRC) server. Attackers can use it to send commands and check the state of an infected server.
The malware was said to be earning around $300 daily, but that number is expected to grow as the virus spreads. Threat Stack’s chief security officer Sam Bisbee said that the danger doesn’t end there as Shellbot has the capacity to “exfiltrate, ransom, or destroy data.”
It’s ironic that the news of Shellbot came out now, as another cybersecurity firm, Malwarebytes, declared just last week that cryptojacking, or illicit crypto mining, is basically extinct. It would appear that the company spoke too soon, especially as US software firm Symantec revealed a few days later that it had found an increase in a new crypto mining virus targeting corporate servers.