New Linux Crypto-miner Steals Your Root Password and Disables Your Antivirus

Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. ZDNet reports: The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. Once the trojan has a foothold on the system it uses one of two privilege escalation exploits CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094 to get root permissions and have full access to the OS.

Re:Scaremongering much?

[Gavagai80]

Every Linux "virus" article I've seen, and there've been a lot of them, has turned out to be about a trojan. Apparently people can't tell the difference anymore. It's a safe bet that this gets on your system by your choosing to download and install a random piece of software you have no reason to trust, instead of sticking to your repositories.

Re:relies on 2 and 5 year old exploits...

MS does this because of all the bad press botnets have received over the years when people did not do updates on their systems.