
Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

by David Bisson on December 7, 2018

Digital attackers used new malware called “Linux Rabbit” and “Rabbot” to install cryptominers on targeted devices and servers.


In August 2018, researchers at Anomali Labs came across a campaign in which Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden services to contact its command and control (C&C) server. After achieving persistence through “rc.local” files and “.bashrc” files, Linux Rabbit then set to work brute-forcing SSH passwords. If successful, the threat then attempted to install its payloads: the CNRig and CoinHive Monero miners.

The architecture of the targeted machine limited Linux Rabbit to installing only one of these miners successfully. For example, the malware installed CNRig if the machine was x86-based. As for CoinHive, Linux Rabbit could install this miner only if the machine was ARM/MIPS.

Coinhive screenshot. (Source: Malwarebytes)

Several months later, Anomali Labs identified a similar campaign in September 2018. This operation involved the self-propagating worm Rabbot. This malware differs from Linux Rabbit in that it’s designed to target vulnerable Internet of Things (IoT) devices by exploiting CVE-2018-1149, CVE-2018-9866 and other weaknesses. Even so, Rabbot does share Linux Rabbit’s code base, a similarity which could help explain why both threats search for HTML files in order to inject CoinHive scripts into hosted web pages.
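A defender-side check for the HTML injection described above, as an added example (not from the original article or the Anomali report): it parses each HTML file under a web root and reports `<script>` elements that load or start a CoinHive miner, while ignoring plain-text mentions. The marker patterns, the function names and the sample pages are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from html.parser import HTMLParser

# Assumption: generic CoinHive markers (library name, JS API), not report IoCs.
SRC_MARKER = re.compile(r"coinhive(\.min)?\.js|//(www\.)?coinhive\.com/", re.I)
INLINE_MARKER = re.compile(r"\bCoinHive\.(Anonymous|User|Token)\s*\(")

class MinerScriptFinder(HTMLParser):
    """Records a reason for each <script> element that matches a marker."""
    def __init__(self):
        super().__init__()
        self.hits, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src") or ""
            if SRC_MARKER.search(src):
                self.hits.append("external script: " + src)
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script and INLINE_MARKER.search(data):
            self.hits.append("inline miner start-up call")

def scan_webroot(root):
    """Return {relative_path: [reason, ...]} for HTML files with miner scripts."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith((".html", ".htm"))):
            path = os.path.join(dirpath, name)
            finder = MinerScriptFinder()
            with open(path, encoding="utf-8", errors="replace") as fh:
                finder.feed(fh.read())
            finder.close()
            if finder.hits:
                findings[os.path.relpath(path, root)] = finder.hits
    return findings

def demo():
    """Scan a constructed web root: one clean page and two injected pages."""
    pages = {"index.html": "<p>Notes on CoinHive.Anonymous() abuse</p>",
             "a.html": '<script src="https://coinhive.com/lib/coinhive.min.js"></script>',
             "b.htm": "<script>new CoinHive.Anonymous('CONSTRUCTED_KEY').start();</script>"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root)
```

Comparing the flagged files against a known-good copy or version-control history of the web root shows whether the script was injected or deployed intentionally.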

At this time, the threat actor responsible for these attack campaigns remains unknown.

ThreatStream users can learn more about these campaigns here. They can also obtain an in-depth look at Linux Rabbit and Rabbot here and here.

Security researchers can protect their organizations against these types of attack campaigns by using a strong password for SSH users and keys. Additionally, organizations should use a robust endpoint security solution that can both monitor for (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/linux-rabbit-and-rabbot-malware-leveraged-to-install-cryptominers/
