Cryptomining Malware Uses Rootkit to Hide on Infected Linux Systems

  • 9 November 2018

Monero miner obfuscates itself from most monitoring tools

 
November 9th, 2018, by Sergiu Gatlan
 
A new cryptocurrency mining malware strain targeting Linux computers and capable of obfuscating itself from both the user and process monitoring tools using a rootkit has been discovered by a team of Trend Micro security researchers.
 
Because there is no apparent way through which the cryptomining malware manages to compromise and infect the Linux boxes, Trend Micro's researchers think that the bad actors behind this malware strain have been able to compromise a legitimate app and use it to install their malicious tools on targets' computers.
 
"We construe that this cryptocurrency-mining malware’s infection vector is a malicious, third-party/unofficial or compromised plugin (i.e., media-streaming software)," says Trend Micro's report.
 
"Installing one entails granting it admin rights, and in the case of compromised applications, malware can run with the privileges granted to the application. It’s not an uncommon vector, as other Linux cryptocurrency-mining malware tools have also used this as an entry point."
 
Trend Micro has named the Monero-mining malware Coinminer.Linux.KORKERDS.AB and the rootkit component it uses to hide as Rootkit.Linux.KORKERDS.AA.
 
Full Article.
