The Gafgyt botnet [1] [2] [4] [5] [6], also known as BASHLITE [1] [4], Lizkebab [1] [3] [4], and Torlus [1] [3] [4], has been active since at least 2014 [1], targeting devices with weak or default credentials [1].
Description
Recently, a new variant of the botnet has emerged [3] [5], focusing on cloud servers with weak SSH passwords for cryptocurrency mining using GPU computing power [3]. This variant utilizes brute-force attacks to compromise SSH servers and deploys the XMRig cryptominer to mine Monero (XMR). It also incorporates a worming module named ld-musl-x86 to spread the malware to other poorly secured servers [4], including cloud environments like AWS and Azure [4]. The new approach involves using the XMRig miner with flags that enable GPU and Nvidia GPU support [4], indicating a shift towards more powerful cloud-native environments [4]. The primary impact of this variant is crypto-mining [2], targeting cloud-native environments with strong CPU and GPU capabilities [2] [5]. Users are advised to secure SSH servers against brute-force attacks and potential exploitation [2].
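As an added illustration of the monitoring side of that advice (not code from any of the cited reports), the following Python sketch scans sshd authentication logs for sources that make repeated failed password attempts and flags any that then log in with a password. It assumes OpenSSH's default "Failed password" / "Accepted password" syslog messages; the sample log lines, host name, documentation-range IP addresses and the threshold of 3 are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format; host and documentation-range IPs are made up.
SAMPLE_LOG = """\
Aug 15 03:12:01 gpu-node sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 15 03:12:03 gpu-node sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Aug 15 03:12:05 gpu-node sshd[2215]: Failed password for invalid user ubuntu from 203.0.113.7 port 40124 ssh2
Aug 15 03:12:06 gpu-node sshd[2216]: Failed password for alice from 198.51.100.20 port 51510 ssh2
Aug 15 03:12:07 gpu-node sshd[2217]: Failed password for root from 203.0.113.7 port 40130 ssh2
Aug 15 03:12:09 gpu-node sshd[2219]: Failed password for root from 203.0.113.7 port 40136 ssh2
Aug 15 03:12:11 gpu-node sshd[2221]: Accepted password for root from 203.0.113.7 port 40142 ssh2
Aug 15 03:12:30 gpu-node sshd[2230]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Aug 15 03:13:00 gpu-node sshd[2240]: Failed password for invalid user test from 192.0.2.44 port 33000 ssh2
Aug 15 03:13:02 gpu-node sshd[2242]: Failed password for invalid user test from 192.0.2.44 port 33004 ssh2
Aug 15 03:13:04 gpu-node sshd[2244]: Failed password for invalid user oracle from 192.0.2.44 port 33008 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bruteforce(log_text, threshold=3):
    """Return {ip: {"failures": n, "users_tried": set, "breached": [users]}} for noisy sources.

    "breached" lists accounts whose password login succeeded after the source
    had already reached `threshold` failures, i.e. a likely successful guess.
    """
    stats = defaultdict(lambda: {"failures": 0, "users_tried": set(), "breached": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        entry = stats[ip]
        if outcome == "Failed":
            entry["failures"] += 1
            entry["users_tried"].add(user)
        elif entry["failures"] >= threshold:
            entry["breached"].append(user)
    return {ip: e for ip, e in stats.items() if e["failures"] >= threshold}

if __name__ == "__main__":
    for ip, e in find_bruteforce(SAMPLE_LOG).items():
        status = "LOGIN SUCCEEDED for " + ",".join(e["breached"]) if e["breached"] else "no success seen"
        print(f"{ip}: {e['failures']} failures, {len(e['users_tried'])} usernames, {status}")
```

A source that appears with a non-empty "breached" list is the case to investigate first, since a password login followed a run of failures from the same address.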
Conclusion
The Gafgyt botnet’s new variant poses a significant threat to cloud servers with weak SSH passwords, exploiting GPU computing power for cryptocurrency mining. To mitigate risks, users should strengthen SSH server security and monitor for potential exploitation. This shift towards more powerful cloud-native environments highlights the need for enhanced cybersecurity measures to protect against evolving threats.
References
[1] https://www.ruetir.com/2024/08/15/gafgyt-botnet-new-variant-targets-cryptocurrency-miners/
[2] https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html
[3] https://www.altusintel.com/public-yyc9rx/?tt=1723716004
[4] https://cybermaterial.com/gafgyt-botnet-exploits-weak-ssh-for-crypto/
[5] https://cyber.vumetric.com/security-news/2024/08/15/new-gafgyt-botnet-variant-targets-weak-ssh-passwords-for-gpu-crypto-mining/
[6] https://www.vpnranks.com/news/gafgyt-botnet-targets-weak-ssh-for-gpu-crypto-mining/