According to the report, the new findings come from Boston-based cybersecurity firm Threat Stack. The firm claims that Shellbot, which was first discovered in 2005, has received a significant update.
The original Shellbot was capable of brute-forcing the credentials of SSH remote access services on Linux-based servers protected by weak passwords. The malware then mines the privacy-focused altcoin Monero (XMR). Threat Stack claims that the new, modified version can spread through an infected network and terminate other miners running on the same machines.
Threat Stack apparently uncovered the new iteration of Shellbot on the Linux server of an unnamed U.S.-based company. While it is still unclear how the malware is delivered, the researchers were able to identify three components and also located the script used to install it.
The malware's command and control server is an IRC (Internet Relay Chat) server, which attackers use to pass commands and check the status of an affected server. Shellbot was reportedly making over $300 USD daily, a figure that stands to grow as the malware spreads.
Sam Bisbee, chief security officer at Threat Stack, told TechCrunch that the potential of the virus doesn't stop there. Explaining further, he added:
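A defender can spot the weak-password SSH compromise described above in sshd logs by flagging a password login that is accepted right after a run of failures from the same address. The Python below is an added example, not Threat Stack's code; the log lines are constructed, and the threshold of five failures is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:12:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40138 ssh2
Jan 10 03:12:07 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40144 ssh2
Jan 10 03:12:09 web1 sshd[2109]: Failed password for root from 203.0.113.7 port 40150 ssh2
Jan 10 03:12:30 web1 sshd[2120]: Failed password for deploy from 198.51.100.20 port 51000 ssh2
Jan 10 03:12:41 web1 sshd[2121]: Accepted password for deploy from 198.51.100.20 port 51002 ssh2
Jan 10 03:12:50 web1 sshd[2125]: Accepted publickey for ops from 198.51.100.20 port 51010 ssh2
Jan 10 03:13:11 web1 sshd[2130]: Accepted password for root from 203.0.113.7 port 40171 ssh2
"""

# Matches only password authentication results; key-based logins are ignored.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def brute_force_successes(log_text, threshold=5):
    """Return (ip, user, failures) for every password login accepted
    after at least `threshold` failed attempts from the same source IP."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= threshold:
            hits.append((ip, m["user"], failures[ip]))
        failures[ip] = 0  # any accepted login starts a new counting window
    return hits

if __name__ == "__main__":
    for ip, user, count in brute_force_successes(SAMPLE_LOG):
        print(f"possible brute-forced login: {user} from {ip} after {count} failures")
```

A hit means the account's password was guessable; rotating it and moving the host to key-only authentication closes the entry point the article describes.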
“They are totally capable of employing this malware to exfiltrate, ransom, or even destroy information/data.”
As reported last week, another well-known cybersecurity firm, Malwarebytes, declared illegal cryptocurrency mining against users, also known as cryptojacking, “essentially extinct.”
Also, American software security firm Symantec found a spike in new cryptocurrency mining malware that specifically targets corporate networks.