As many new developments for blockchain technology are looming on the horizon, so are many new potential threats. The potentially biggest threat until recently was KingMiner, but now it seems that the Shellbot malware has developed new capabilities of its own.

Threat Stack is a security firm from Boston and they believe that the Shellbot has been recently upgraded and poses a huge risk if left unchecked. According to experts, the Shellbot was operational back in 2005 but the recently added upgrades have allowed it to break into computers and use a huge percentage of their processing power to mine.

What’s interesting is that the Shellbot malware relies on a very old SSH brute force technique in order to break in the computers. It targets mostly Linux servers with a good internet access and weak passwords. After the infection, the Shellbot malware actively scans and removes other malware infections just so it takes more power for its own use.

The Shellbot malware has huge potential

The firm also found a United States company to be infected and the system was shut down until completely cleared. A dropper script was used to install the payload from the Shellbot’s command center which is an IRC chat server. The attackers can freely use the IRC chat to run commands and/or check the infection’s status.

According to some security experts, with a little work, this particular malware can be used to also ransom and destroy huge chunks of data.

Way back in 2005 and 2006, the original version of Shellbot was still oriented towards Linux servers. Now, a little over 10 years later, the malware has apparently found a new purpose, to mine Monero (XMR).

According to a Thread Stack analysis, the current primary goal of the revitalized Shellbot seems to be only monetary gain. Despite the potential of the malware for more serious harm, it seems currently the malware is focused entirely on mining XRP and infection other systems.

You can also check out:

Categories:

Mining News Monero

Share This