Thursday, April 9, 2020
  • The Solution to Manage Virtual Desktops
  • What Can Azure AD Tell You About Your Organization?
  • Sonatype: Fighting COVID-19 Together
  • Musings on Modern Data Security
  • Imperva is a Leader in the Forrester Wave: Web Application Firewalls, Q1

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Digital Currency Malware SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

by David Bisson on December 7, 2018

Digital attackers used new malware called “Linux Rabbit” and “Rabbot” to install cryptominers on targeted devices and servers.

In August 2018, researchers at Anomali Labs came across a campaign where Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden services to contact its command and control (C&C) server. After achieving persistence through “rc.local” files and “.bashrc” files, Linux Rabbit then set to work to brute forcing SSH passwords. If successful, the threat then attempted to install its payloads: the CNRig and CoinHive Monero miners.

The architecture of the targeted machine limited Linux Rabbit to installing only one of these miners successfully. The malware installed CNRig in the event the machine was x86-bit, for example. As for CoinHive, Linux Rabbit could install this machine only if it was an ARM/MISP.

Coinhive screenshot. (Source: Malwarebytes)

Several months later, Anomali Labs identified a similar campaign in September 2018. This operation involved the self-propagating worm Rabbot. This malware differs from Linux Rabbit in that it’s designed to target vulnerable Internet of Things by exploiting CVE-2018-1149, CVE-2018-9866 and other weaknesses. Even so, Rabbot does share Linux Rabbit’s code base, a similarity which could help explain how the two threats both search for HTML files in order to inject CoinHive scripts into hosted web pages.

At this time, the threat actor responsible for these attack campaigns remains unknown.

ThreatStrem users can learn more about these campaigns here. They can also obtain an in-depth look at Linux Rabbit and Rabbot here and here.

Security researchers can protect their organizations against these types of attack campaigns by using a strong password for SSH users and keys. Additionally, organizations should use a robust endpoint security solution that can both monitor for (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/linux-rabbit-and-rabbot-malware-leveraged-to-install-cryptominers/

December 7, 2018December 7, 2018 David Bisson cryptominers, IT Security and Data Protection, Latest Security News, Linux, Malware
  • ← Hackathon Uses Machine Learning to Improve Cybersecurity
  • Cheaper Alternative to JumpCloud® →

TechStrong TV – Live Streaming

TechStrong TV - All Episodes

See Latest Episode

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

COVID-19: China and Russia Disinformation and Shenanigans
The Adventures of Microservice – The Birth of Microservice
Keeping Up With Encryption in 2020
Russia Hijacks Traffic of Huge Cloud and CDN Services
New Ransomware Innovations Bring Shame
Zoom Recordings Exposed
Comparison of WebEx Security Versus Zoom Shady Practices
A Round-up of Data Breaches in March 2020
Amid a Major Skills Shortage, CISOs Are Turning to Security Analytics and Threat Intelligence
Truth, Trust and Cybersecurity Risk

Upcoming Webinars

There are no upcoming webinars at this time.

Download Free eBook

7 Must-Read eBooks for Security Professionals

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Why Cybersecurity Should Be Your Company’s Next Social Good Investment
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Why Cybersecurity Should Be Your Company’s Next Social Good Investment

April 9, 2020 Kaylin Trychon | Yesterday 0
Should a WFH SOC Be a New Reality?
Cybersecurity Incident Response Industry Spotlight Security Boulevard (Original) 

Should a WFH SOC Be a New Reality?

April 8, 2020 Chris Triolo | 1 day ago 0
New Ransomware Innovations Bring Shame
Cybersecurity Data Security Industry Spotlight Malware Security Boulevard (Original) 

New Ransomware Innovations Bring Shame

April 7, 2020 Marcus Chung | 2 days ago 0

Top Stories

Report Details COVID-19 Phishing Attacks Based on Emails From White House
Cybersecurity Featured News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches 

Report Details COVID-19 Phishing Attacks Based on Emails From White House

April 9, 2020 Michael Vizard | Yesterday 0
Untangle Extends Security Alliance With Webroot
Cybersecurity Data Security Endpoint Featured Network Security News Security Boulevard (Original) Spotlight 

Untangle Extends Security Alliance With Webroot

April 8, 2020 Michael Vizard | 1 day ago 0
Russia Hijacks Traffic of Huge Cloud and CDN Services
Cloud Security Cyberlaw Cybersecurity Data Security Featured Identity & Access News Security Boulevard (Original) Spotlight 

Russia Hijacks Traffic of Huge Cloud and CDN Services

April 7, 2020 Richi Jennings | 2 days ago 0

Security Humor

via  Luke Kingma  &  Lou Patrick-Mackay  at  Futurism Cartoons

Luke Kingma & Lou Patrick-Mackay’s Futurism Cartoon ‘Real Robot’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.