Sunday, February 17, 2019
  • Data Breaches: What Do the Numbers Mean?
  • LDAP for MSPs
  • Luke Kingma and Lou Patrick-Mackay’s Futurism: “Here’s The Story Of A Failed Group FaceTime”
  • BSides Tampa 2019, Mike Brooks’s ‘vCISO Is That The Right Answer’
  • Benefits of User Management

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Digital Currency Malware SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

by David Bisson on December 7, 2018

Digital attackers used new malware called “Linux Rabbit” and “Rabbot” to install cryptominers on targeted devices and servers.

In August 2018, researchers at Anomali Labs came across a campaign where Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden services to contact its command and control (C&C) server. After achieving persistence through “rc.local” files and “.bashrc” files, Linux Rabbit then set to work to brute forcing SSH passwords. If successful, the threat then attempted to install its payloads: the CNRig and CoinHive Monero miners.

The architecture of the targeted machine limited Linux Rabbit to installing only one of these miners successfully. The malware installed CNRig in the event the machine was x86-bit, for example. As for CoinHive, Linux Rabbit could install this machine only if it was an ARM/MISP.

Coinhive screenshot. (Source: Malwarebytes)

Several months later, Anomali Labs identified a similar campaign in September 2018. This operation involved the self-propagating worm Rabbot. This malware differs from Linux Rabbit in that it’s designed to target vulnerable Internet of Things by exploiting CVE-2018-1149, CVE-2018-9866 and other weaknesses. Even so, Rabbot does share Linux Rabbit’s code base, a similarity which could help explain how the two threats both search for HTML files in order to inject CoinHive scripts into hosted web pages.

At this time, the threat actor responsible for these attack campaigns remains unknown.

ThreatStrem users can learn more about these campaigns here. They can also obtain an in-depth look at Linux Rabbit and Rabbot here and here.

Security researchers can protect their organizations against these types of attack campaigns by using a strong password for SSH users and keys. Additionally, organizations should use a robust endpoint security solution that can both monitor for (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/linux-rabbit-and-rabbot-malware-leveraged-to-install-cryptominers/

December 7, 2018December 7, 2018 David Bisson cryptominers, IT Security and Data Protection, Latest Security News, Linux, Malware
  • ← Hackathon Uses Machine Learning to Improve Cybersecurity
  • The Business Impact of Cyber Risk →
Featured Blog

Verodin Blog

Security Instrumentation for the Casino & Gaming Industry by Brian Contos

Verodin Blog

The Transformation of Talent & Technology by Kevin Morrison

Verodin Blog

Instrumenting Carbon Black with Verodin SIP

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Container Escape Vulnerability Puts Cloud Infrastructure at Risk
5 Steps to Doing Automation Right
Dispelling the ‘Security as Bad Guy’ Myth
IBM Warns Retailers of Trojan Threat
The Cyber-Risk Paradox: Benefits of New Technologies Bring Hidden Security Risks
ES2019 features coming to JavaScript (starring us!)
SAP Security Notes February ‘19: Several Critical Bugs Affecting SAP HANA XSA
Transforming Alert Fatigue Into Proactive Security Management
February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns
Champions of Health and Cybersecurity Unite at HIMSS 2019

Upcoming Webinars

Tue 26

Reducing Risk of Credential Compromise at Netflix

February 26 @ 1:00 pm - 2:00 pm
Apr 01

Container Security: Securing from Within

April 1 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Open Source Security Management in the Age of DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

What is Data in Vicinity?
Cybersecurity Endpoint Industry Spotlight Security Boulevard (Original) 

What is Data in Vicinity?

February 15, 2019 Mike Fong | 2 days ago 0
The Cryptojacking Boom May Be Over, but the Threat Remains
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

The Cryptojacking Boom May Be Over, but the Threat Remains

February 14, 2019 Jeremy Moskowitz | 3 days ago 0
5 Steps to Doing Automation Right
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

5 Steps to Doing Automation Right

February 13, 2019 Joe Schreiber | 4 days ago 0

Top Stories

WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in
Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Vulnerabilities 

WordPress Sites Hacked Through Vulnerable Payment Forms Plug-in

February 15, 2019 Lucian Constantin | 1 day ago 0
New Shlayer Malware Variant Targeting Macs
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

New Shlayer Malware Variant Targeting Macs

February 14, 2019 Lucian Constantin | 2 days ago 0
IBM Warns Retailers of Trojan Threat
Application Security Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

IBM Warns Retailers of Trojan Threat

February 12, 2019 Michael Vizard | 4 days ago 0

Security Humor

via  Luke Kingma and Lou Patrick-Mackay at  Futurism Cartoons

Luke Kingma and Lou Patrick-Mackay’s Futurism: “Here’s The Story Of A Failed Group FaceTime”

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.