Re: Ubuntu, Crypto Malware
By: Android8675 to All on Tue Nov 15 2022 07:51 am
> Hey all, anyone have any experience with crypto infected Linux systems? My
> box that I use has mxrig running, and I've no idea how it got there, where
> it's hiding, or how to get it off my system. Speculating that it could be
> some rootkit bologna, and there's vague suggestions on the googles as to how
> to get it off my system without "nuking it from orbit".
>
> So, before I do that I thought I might see if there's anyone who's had
> experience with this sort of thing who might be willing to take a peek? Drop
> me a note at andyob [at] gmail.com if you've had some experience. I got the
> thing backed up, so I'm ok with letting you pop-on and see if you can work
> some magic.
I was running a version of GitLab (a year ago?) that had an exploit published and I was vulnerable for about 24 hours before upgrading to a fixed GitLab version. During that 24 hours, a crypto miner (I forget the name) was installed and it was pretty obvious from the impact on CPU utilization. I found and killed the process manually and deleted the maliciously-installed files (in the /tmp dir, iirc). Tools like ps, top, netstat should help you find the culprit process(es) and get rid of them, but it is important that you find and remove (or update/patch) the software with the original vulnerability that was used to install the crypto miner in the first place.
--
digital man (rob)
Rush quote #57:
He picks up scraps of information, he's adept at adaptation .. Digital Man
Norco, CA WX: 68.5°F, 21.0% humidity, 0 mph NE wind, 0.00 inches rain/24hrs
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
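
Added example, not part of the original post or written by its author: a triage helper for the process hunt described in the reply above. It flags processes whose executable runs out of a temp directory or has been deleted from disk. The function name is hypothetical, and checking /var/tmp and /dev/shm in addition to /tmp is an assumption.

```shell
#!/bin/sh
# Added example: flag processes whose executable lives in a temp directory
# or has been deleted from disk while still running.
# Assumption: /var/tmp and /dev/shm are checked in addition to /tmp.

# suspect_procs [PROC_ROOT]
# Prints "pid<TAB>cpu%<TAB>exe<TAB>cmdline" for each suspicious process.
# PROC_ROOT defaults to /proc; a different root can be passed for testing.
suspect_procs() {
    root=${1:-/proc}
    for p in "$root"/[0-9]*; do
        # /proc/<pid>/exe is a symlink to the running binary. Reading it for
        # other users' processes needs root, so skip what we cannot read.
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case $exe in
            /tmp/*|/var/tmp/*|/dev/shm/*) ;;   # running out of a temp dir
            *" (deleted)") ;;                  # binary removed after launch
            *) continue ;;
        esac
        pid=${p##*/}
        # cmdline is NUL-separated; make it printable.
        cmd=$(cat "$p/cmdline" 2>/dev/null | tr '\0' ' ')
        cpu="-"
        if [ "$root" = /proc ]; then
            # CPU share is only meaningful for the live process table.
            cpu=$(ps -o pcpu= -p "$pid" 2>/dev/null | tr -d ' ') || cpu="-"
        fi
        printf '%s\t%s\t%s\t%s\n' "$pid" "${cpu:--}" "$exe" "$cmd"
    done
    return 0
}

# Scan the live system (run with sudo to see every user's processes).
suspect_procs /proc
```

A "(deleted)" hit also appears for legitimate services that were upgraded but not restarted, so treat the output as a list of leads to check, not a verdict.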