Linux Servers Breached by Monero Mine Thieves Using SambaCry

A new wave of cybercrime is taking shape with the recent hijacking of servers using SambaCry, with unofficial reports projecting up to 5,400 dollars' worth of Monero mined. It is becoming increasingly evident that these internet crooks prefer mining Monero by spreading malware that exploits weaknesses in the operating system. This SambaCry attack appears to focus on Linux servers, which are breached and then used to mine Monero.

The new preference for criminally mining Monero rather than other cryptocurrencies raises some vital questions. One might assume that Monero is simply easier to mine than the others, but this is really not the case. Monero is preferred because its users remain anonymous. Other cryptocurrencies, such as Bitcoin, do not offer the same level of anonymity.

The most recent attack software is called SambaCry, and it is reputed to attack only Linux servers. This might come as a shock to many people, as Linux has long had a reputation for being free of malware and resistant to other software attacks. It should be understood, however, that every operating system has weaknesses that can be exploited with little effort, and Linux is no exception. These nefarious elements take advantage of an unidentified loophole in Linux machines that have Samba installed.

It remains to be seen how this challenge can be remediated, since the thieves exploit the weakness via the SMB protocol. One can easily draw a direct comparison with the NSA-created EternalBlue, although that one appeared to work only against Windows machines. The new trend has been named "EternalRed", which is interesting; its connection to EternalBlue, however, has not been proven.

It does appear, however, that the first EternalRed breach occurred on the 30th of May, which means the campaign has been running for about two weeks now. It is entirely possible for those using it to effectively take control of the Linux server. The new wave of breaches centers on installing malware capable of mining the cryptocurrency.

According to official reports, the criminals have made up to five thousand four hundred dollars in Monero from their activities so far. This might appear low compared with attacks in recent months, but it should be noted that no ransom was demanded. Instead, these bad eggs simply install the software on the server and leave it to mine XMR for them. Mining consumes a lot of resources, and the low computing power of everyday Linux servers does not help matters. This may well change over time, though.

What amazed many researchers was how these criminals directed the servers' mining output to themselves by hard-coding their XMR wallet inside the software's source code. This address has not yet been shared with the public, although recently released information shows that 98 XMR has been mined so far. Since crooked elements are always looking for ways to increase their gains, it will be interesting to see how this ends.