Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

by David Bisson on December 7, 2018

Digital attackers used new malware called “Linux Rabbit” and “Rabbot” to install cryptominers on targeted devices and servers.

In August 2018, researchers at Anomali Labs came across a campaign in which Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden services to contact its command and control (C&C) server. After achieving persistence through “rc.local” files and “.bashrc” files, Linux Rabbit then set to work brute-forcing SSH passwords. If successful, the threat then attempted to install its payloads: the CNRig and CoinHive Monero miners.

The architecture of the targeted machine limited Linux Rabbit to installing only one of these miners successfully. The malware installed CNRig in the event the machine was x86-bit, for example. As for CoinHive, Linux Rabbit could install this miner only if the machine was ARM/MIPS.

Coinhive screenshot. (Source: Malwarebytes)

Several months later, Anomali Labs identified a similar campaign in September 2018. This operation involved the self-propagating worm Rabbot. This malware differs from Linux Rabbit in that it’s designed to target vulnerable Internet of Things (IoT) devices by exploiting CVE-2018-1149, CVE-2018-9866 and other weaknesses. Even so, Rabbot shares Linux Rabbit’s code base, a similarity that could help explain why both threats search for HTML files in order to inject CoinHive scripts into hosted web pages.
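Because both threats inject CoinHive scripts into hosted HTML files, a defender can sweep a web root for that injection. The Python below is an added example, not code from the article or from Anomali Labs; the indicator patterns reflect how the CoinHive JavaScript miner was generally embedded and are assumptions, and the sample pages, host name and site key are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicators of a CoinHive embed (general knowledge of the CoinHive
# JavaScript miner, not taken from the Anomali report).
PATTERNS = {
    "coinhive-library": re.compile(r"coinhive(\.min)?\.js", re.I),
    "coinhive-api": re.compile(r"\bCoinHive\.(Anonymous|User|Token)\s*\("),
}
HTML_SUFFIXES = {".html", ".htm"}

def scan_webroot(root):
    """Return sorted (relative_path, line_number, indicator) hits under root."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in HTML_SUFFIXES:
            continue
        # Tampered pages may contain mixed encodings; never abort on bad bytes.
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for name, pattern in PATTERNS.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), line_no, name))
    return sorted(hits)

def build_sample_webroot(root):
    """Write constructed sample pages: one clean, one with an injected miner."""
    root = Path(root)
    (root / "blog").mkdir()
    (root / "index.html").write_text(
        "<html><body>\n<h1>Welcome</h1>\n</body></html>\n", encoding="utf-8")
    (root / "blog" / "post.htm").write_text(
        "<html><body>\n<p>Post</p>\n"
        '<script src="https://example.invalid/lib/coinhive.min.js"></script>\n'
        "<script>new CoinHive.Anonymous('SITE-KEY-PLACEHOLDER').start();</script>\n"
        "</body></html>\n", encoding="utf-8")
    # Non-HTML file that mentions the library name; it must not be reported.
    (root / "notes.txt").write_text("coinhive.min.js mentioned in docs\n")

def demo():
    """Scan the constructed web root and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        return scan_webroot(tmp)

if __name__ == "__main__":
    for rel_path, line_no, indicator in demo():
        print(f"{rel_path}:{line_no}: {indicator}")
```

Hits are best compared against a known-good copy of the site (a deployment artifact or version control), since a page that was never meant to load a miner should produce none.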

At this time, the threat actor responsible for these attack campaigns remains unknown.

ThreatStream users can learn more about these campaigns here. They can also obtain an in-depth look at Linux Rabbit and Rabbot here and here.

Security researchers can protect their organizations against these types of attack campaigns by using a strong password for SSH users and keys. Additionally, organizations should use a robust endpoint security solution that can both monitor for (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/linux-rabbit-and-rabbot-malware-leveraged-to-install-cryptominers/
