{"id":8217,"date":"2023-01-04T10:13:19","date_gmt":"2023-01-04T10:13:19","guid":{"rendered":"https:\/\/reconcybersecurity.com\/?p=8217"},"modified":"2023-04-16T10:58:04","modified_gmt":"2023-04-16T10:58:04","slug":"could-linux-systems-that-use-shc-be-at-risk-of-a-new-malware-strain-targeting-their-cryptocurrency-miners-cyber-security-recon-force","status":"publish","type":"post","link":"https:\/\/reconcybersecurity.com\/blogs\/could-linux-systems-that-use-shc-be-at-risk-of-a-new-malware-strain-targeting-their-cryptocurrency-miners-cyber-security-recon-force\/","title":{"rendered":"Could Linux systems that use SHC be at risk of a new malware strain targeting their cryptocurrency miners? | Recon Cyber Security"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/reconcybersecurity.com\/\"><img decoding=\"async\" src=\"https:\/\/reconcybersecurity.com\/wp-content\/uploads\/2023\/01\/1.png\" alt=\"\" class=\"wp-image-8218\"\/><\/a><\/figure>\n\n\n\n<p class=\"has-black-color has-text-color has-medium-font-size\">A <a href=\"https:\/\/reconcybersecurity.com\/6-months-diploma-course-in-cyber-security\/\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">malicious program developed<\/mark><\/strong><\/a> using <strong>shc<\/strong>, the shell script compiler, has been found deploying a cryptocurrency miner to victimized systems. 
The AhnLab Security Emergency Response Center <em>(ASEC)<\/em> said in a report published today that the malware is believed to have reached its targets through a dictionary attack against poorly managed Linux SSH servers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/reconcybersecurity.com\/\"><img decoding=\"async\" src=\"https:\/\/reconcybersecurity.com\/wp-content\/uploads\/2023\/01\/2.png\" alt=\"\" class=\"wp-image-8219\"\/><\/a><\/figure>\n\n\n\n<p class=\"has-black-color has-text-color has-medium-font-size\"><a href=\"https:\/\/reconcybersecurity.com\/one-year-diploma-course\/\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#ff0000\" class=\"has-inline-color\">The Secure Shell <\/mark><\/strong><\/a>(SSH) Compiler, or SHC, is a utility comparable to BAT2EXE for Windows. It converts shell scripts into binaries, preventing unauthorized modification of the source code. According to the South Korean security researchers, once an SSH server is successfully compromised, a malware downloader is deployed together with a DDoS IRC bot written in Perl.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-medium-font-size\">The SHC downloader then fetches the <em>XMRig<\/em> miner to mine cryptocurrency. 
Its IRC bot can also communicate with a remote server and receive instructions to carry out <a href=\"https:\/\/reconcybersecurity.com\/top-cyber-attacks-caused-by-iot-security-vulnerabilities-recon-cyber-security-cyber-security\/\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#08a5ff\" class=\"has-inline-color\">distributed denial-of-service (DDoS) attacks.<\/mark><\/strong><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/reconcybersecurity.com\/\"><img decoding=\"async\" src=\"https:\/\/reconcybersecurity.com\/wp-content\/uploads\/2023\/01\/3.png\" alt=\"\" class=\"wp-image-8220\"\/><\/a><\/figure>\n\n\n\n<p class=\"has-black-color has-text-color has-medium-font-size\">ASEC researchers stated that the bot can not only carry out DDoS attacks such as <a href=\"https:\/\/reconcybersecurity.com\/what-is-nessus-and-what-does-it-do-cyber-security-recon-cyber-security\/\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">TCP flood<\/mark><\/strong><\/a>, <a href=\"https:\/\/reconcybersecurity.com\/what-is-nessus-and-what-does-it-do-cyber-security-recon-cyber-security\/\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">UDP flood<\/mark><\/strong><\/a>, and <a href=\"https:\/\/reconcybersecurity.com\/http-cookie-cyber-security-recon-cyber-security\/\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0);color:#005daf\" class=\"has-inline-color\">HTTP flood<\/mark><\/strong><\/a>, but also supports command execution, reverse shell, port scanning, and log deletion. 
The campaign predominantly targets poorly protected <a href=\"https:\/\/reconcybersecurity.com\/ethical-hacking-course\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">Linux<\/mark><\/strong><\/a> SSH servers in South Korea, since all of the shc downloader artifacts were submitted to VirusTotal from there. To stay protected against brute-force and dictionary attacks, users should follow good password hygiene and rotate their passwords regularly. Keeping the operating system up to date is also strongly recommended.<\/p>\n","protected":false},"excerpt":{"rendered":"A malicious program developed using shc, the shell script compiler, has been found deploying a cryptocurrency miner to&hellip;\n","protected":false},"author":1,"featured_media":10770,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[143],"tags":[302,347,240,348,349,56,311,350,57],"class_list":{"0":"post-8217","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-defend-the-web","8":"tag-cookies-connection","9":"tag-cryptocurrency-miners","10":"tag-cyber-security","11":"tag-linux","12":"tag-malware","13":"tag-phishing-tool","14":"tag-recon-cyber-security","15":"tag-shc","16":"tag-social-media-hacking"},"_links":{"self":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/8217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href"
:"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/comments?post=8217"}],"version-history":[{"count":2,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/8217\/revisions"}],"predecessor-version":[{"id":10771,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/8217\/revisions\/10771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media\/10770"}],"wp:attachment":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media?parent=8217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/categories?post=8217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/tags?post=8217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}