ShellBot first appeared in 2005; at the time it brute-forced the credentials of SSH remote access services on Linux servers protected by weak passwords. Over time it has received improvements and updates, and the malware now mines the privacy-centric cryptocurrency Monero (XMR).

With the exponential rise in the value of cryptocurrencies, cybercrime built around these digital currencies has also increased. Aside from the devastating rise in ransomware attacks, illegal mining of cryptocurrencies on devices you don’t own, also known as cryptojacking, has become a commercial-grade threat in the hands of lone criminals and organized groups alike.

In some cases, the cryptojacking operations that keep mining farms processing coins have reached the magnitude of a $50 million business for their bot masters. ShellBot malware lives within this ecosystem. While it is a fairly simple piece of Perl-based code, it allows attackers to set up Internet Relay Chat (IRC)-controlled botnets that direct coin mining on computers, Linux servers, Android devices, and Internet of Things devices.

While it started out as a basic IRC bot, over time ShellBot has adopted effective exploits to compromise servers and devices. It started with a ShellShock campaign (CVE-2014-6271), which is how it got its name, but over the years it has also used Drupalgeddon (CVE-2018-7600) and other exploits capable of compromising large swaths of devices.

ShellBot infections often use brute force attacks to guess passwords for specific servers and devices, which shows why having a strong password is so important. In the botnets that IBM X-Force examined, the most frequently used types of credentials helped identify targets such as misconfigured databases, FTP servers, monitoring servers, and other Linux machines.

ShellBot is dropped as a payload on systems and devices where a password was brute-forced. Immediately after a successful login, the infected machine or device receives a list of commands to execute; these include sending system information, downloading and running a Perl script, deleting logs, clearing the command history, and removing the payload.

See also:
PandaStealer, the new threat to cryptocurrencies
The Dangers of Cryptojacking and how it affects users
