
Latest Linux Mining Malware Uses Minergate’s Monero Pool

It has been a while since we last saw a new malware threat in the form of a cryptocurrency miner. Do not be mistaken in thinking cybercriminals have given up on the idea, though. A new cryptocurrency mining malware referred to as Linux.BTCMine.26 is being actively distributed to Linux computers that use default Telnet credentials. Contrary to what the name suggests, it does not mine Bitcoin but is more interested in Monero. Additionally, it only targets x86-64 and ARM hardware-based devices.

Yet Another BTCMine Malware Variant

People who have kept tabs on the cryptocurrency mining malware scene may recognize the BTCMine name. It is neither the first nor the last time this name will be associated with nefarious tools designed to use other people’s device resources and mine cryptocurrency. With Bitcoin mining becoming extremely unprofitable without the use of specific hardware, there are other currencies which can still be mined with relative ease. One of those currencies is Monero, an altcoin which recently surged in value after weeks of sideways trading action.

The new mining malware was discovered earlier this week. It appears to be mainly targeting Linux servers and computers, which is not entirely unusual. While the Linux operating system has been pretty safe from cybercriminal activity over the past few years, things are very different when it comes to cryptocurrency mining malware. Several types have targeted Linux users over the past few months, and it looks like things will not be changing anytime soon. Linux.BTCMine.26 searches for Linux devices which use default or blank Telnet credentials to establish a connection.

One would be surprised by how many Linux device users do not take Telnet security seriously. Operators often fail to make changes to the default settings, which is never a good course of action. The malware has a built-in Telnet scanner similar to the one found in the Mirai malware. For now, this scanner will only seek out IPv4 addresses, although IPv6 support may be added in the future. Once it finds a susceptible IP address, it will attempt to log in through a Telnet connection. Assuming this connection is made successfully, the malware will execute commands to download the BTCMine binary in question.
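A host-side check for the exposure described above (a reachable Telnet listener plus an account with a blank password), as an added example that is not part of the original article. It assumes the output of `ss -ltn` and the contents of `/etc/shadow` are passed in as text; the function names and sample data are constructed for illustration, and default (non-blank) passwords are outside what it can detect.

```python
# Constructed sample of `ss -ltn` output (not taken from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5            0.0.0.0:23        0.0.0.0:*
"""
# Constructed sample in /etc/shadow format (name:password:lastchg:...).
SAMPLE_SHADOW = """\
root::17000:0:99999:7:::
admin:$6$constructedsalt$constructedhash:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
support:!:17000:0:99999:7:::
"""

def telnet_listeners(ss_output, port=23):
    """Return the local addresses that listen on the Telnet port."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        # Column 4 is "address:port"; split from the right so that IPv6
        # forms such as [::]:23 keep their address intact.
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            found.append(addr)
    return found

def blank_password_accounts(shadow_text):
    """Return accounts whose password field is empty (no password needed).
    '*' and '!' mark a locked password, so those are not reported."""
    names = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0] and parts[1] == "":
            names.append(parts[0])
    return names

def audit(ss_output, shadow_text):
    """Combine both checks into one finding for this host."""
    listeners = telnet_listeners(ss_output)
    blank = blank_password_accounts(shadow_text)
    # A loopback-only listener is not reachable by a remote scanner.
    remote = [a for a in listeners if not a.startswith("127.") and a != "[::1]"]
    return {"telnet_listeners": listeners, "blank_accounts": blank,
            "exposed": bool(remote and blank)}

if __name__ == "__main__":
    print(audit(SAMPLE_SS, SAMPLE_SHADOW))
```

A host reported as `exposed` should have the Telnet service disabled or filtered and the listed accounts given a password or locked.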


This malware’s source code has many references to Brian Krebs, one of the industry leaders when it comes to infosec. There is a war going on between infosec journalists and cybercriminals, and calling out one another has become something of a norm over the years. The code also reveals that the malware uses the Minergate XMR pool to mine the cryptocurrency under the username “catsmeowalot@cock.li.” It is doubtful the pool could do anything about this, as the criminals could easily create a new username within seconds.

Sadly, this is yet another example of how cybercriminals are targeting cryptocurrency in one way or another. Some efforts focus on stealing wallets and phishing scams, whereas others just use computer resources to mine currencies such as Monero and ZCash. We will assuredly see other mining malware types emerge over the coming months, not all of which will be limited to the Linux operating system.

Cybercriminals still have a lot of love for cryptocurrencies in general. Monero is a far more anonymous solution compared to Bitcoin. This does not mean Monero is a perfect tool for criminals by any means, even though it is not hard to see why they would prefer to mine it rather than Bitcoin. It will be interesting to see how this situation evolves in the coming months and years. Until users start taking device security more seriously, malware types such as this one will always be somewhat successful.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
