Outlaw hackers return with cryptocurrency mining botnet

The group is using Chinese victims as guinea pigs to try out their malware.

The Outlaw hacking group has reemerged and is once again on the radar of cybersecurity researchers following the detection of a botnet attacking systems to mine for cryptocurrency. The botnet spreads a miner for Monero (XMR).
After a honeypot operated by the cybersecurity firm detected a URL spreading the botnet, the miner was found to be bundled with a Perl-based backdoor component and an SSH backdoor, both of which are elements associated with previous Outlaw attacks.
Jake Moore, Cybersecurity Specialist at ESET:
“Brute-force attacks on the Secure Shell (SSH) service are used more and more frequently to compromise accounts. Attackers use a technique where they deploy botnets against large numbers of servers, affording them the ability to launch large-scale attacks from multiple sources – i.e. to deploy the mining software on machines which allow it to execute. Defending against this SSH brute-force attack means going back to cybersecurity basics, such as utilising good password management, not using common usernames and of course using multi-factor authentication wherever possible. It is also possible to make the root password inaccessible via a direct SSH connection as well as not allowing SSH passwords at all.”
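The last two controls in the quote map to two sshd_config keywords, PermitRootLogin and PasswordAuthentication. The script below is an added example, not from the article or ESET: it reads the global section of an sshd_config file and reports whether those two settings are hardened, using two constructed sample configs (a typical default and a hardened one) in place of a real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: audit sshd_config for the two SSH brute-force mitigations
# named in the quote. Sample configs below are constructed for illustration.

# Print the effective value of a keyword from the global section of an
# sshd_config (sshd takes the first occurrence; Match blocks are skipped here).
# Prints "default" when the keyword is not set explicitly.
sshd_setting() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# Return 0 when root login and password authentication are both restricted,
# 1 otherwise; one FAIL line per weak setting is printed for the reader.
audit_sshd_config() {
    cfg="$1"; rc=0
    root=$(sshd_setting "$cfg" PermitRootLogin)
    pw=$(sshd_setting "$cfg" PasswordAuthentication)
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL $cfg: PermitRootLogin=$root (set it explicitly to no)"; rc=1 ;;
    esac
    case "$pw" in
        no) ;;
        *) echo "FAIL $cfg: PasswordAuthentication=$pw (want no; use keys plus MFA)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK   $cfg"
    return "$rc"
}

WEAK=$(mktemp); HARD=$(mktemp)
# Constructed sample: settings many stock images still ship with
cat > "$WEAK" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
# Constructed sample: the hardening the quote describes
cat > "$HARD" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF

audit_sshd_config "$WEAK" || true   # two FAIL lines, exit status 1
audit_sshd_config "$HARD"           # OK, exit status 0
```

To run it against a live host, replace the sample paths with /etc/ssh/sshd_config; for a complete view that includes Match blocks, compare against the output of `sshd -T`.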