A recently discovered cryptomining worm has been targeting Windows and Linux devices using several new exploits.
Juniper, a research company, began monitoring the Sysrv botnet in December. One of the components of this virus is a worm that spreads from one vulnerable device to another without requiring any user action whatsoever.
It was able to do this by scanning the Internet for vulnerable devices. When it found them, it infected them using a list of exploits that the hackers added to over time.
The virus even included a cryptominer that generates Monero digital currency using the infected devices. Each component had a separate binary file.
A Threat For Windows And Linux Alike
The main Sysrv binary is a 64-bit Go binary, packed with the open-source UPX executable packer. There are versions for both Linux and Windows. Two of the Windows binaries were detected by only 33 and 48 of the top 70 malware protection services, respectively. On the Linux side, those figures were just 6 and 9.
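As an added example (not from the original article or from Juniper's research), this Python triage helper checks a file image for the traits described above: ELF or PE container, 64-bit, and UPX packing markers. The function names are hypothetical and the sample inputs are constructed header stubs; UPX is also used by legitimate software and its markers can be stripped, so a hit is a triage signal, not a verdict.

```python
import struct

def triage(data: bytes) -> dict:
    """Report container format, bitness and UPX markers for a binary image."""
    info = {"format": "unknown", "bits": None, "upx": False}
    if data[:4] == b"\x7fELF" and len(data) > 4:
        info["format"] = "ELF"
        info["bits"] = {1: 32, 2: 64}.get(data[4])    # EI_CLASS byte
        # UPX leaves its "UPX!" magic inside a packed ELF image.
        info["upx"] = b"UPX!" in data
    elif data[:2] == b"MZ" and len(data) >= 0x40:
        pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
            return info                               # truncated or not a PE
        machine, nsect = struct.unpack_from("<HH", data, pe + 4)
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        info["format"] = "PE"
        info["bits"] = {0x8664: 64, 0x014C: 32}.get(machine)
        table = pe + 24 + opt_size                    # first section header
        names = [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0")
                 for i in range(nsect)]
        # UPX-packed PE files carry sections named UPX0, UPX1, ...
        info["upx"] = any(n.startswith(b"UPX") for n in names)
    return info

def fake_elf(packed: bool) -> bytes:
    """Constructed 64-bit ELF header stub, optionally with the UPX magic."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\0" * 57
    return ident + (b"UPX!" if packed else b"") + b"\0" * 32

def fake_pe(section_names) -> bytes:
    """Constructed x86-64 PE header stub with the given section names."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sects

if __name__ == "__main__":
    for label, blob in [("elf-packed", fake_elf(True)),
                        ("elf-plain", fake_elf(False)),
                        ("pe-packed", fake_pe([b"UPX0", b"UPX1", b".rsrc"])),
                        ("pe-plain", fake_pe([b".text", b".data"]))]:
        print(label, triage(blob))
```

To use it on a real sample, pass the file's bytes to `triage()`, for example from `open(path, "rb").read()`.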
The big issue with this virus is not just the strain on computing resources and power usage. Software that can run a cryptominer can more than likely, although not certainly, also install ransomware and other malicious software.